Pests of all kinds and how to fight them: TR/Dropper.gen found, what now? (Windows 7)
27.05.2013, 22:21 | #1

Good evening dear helpers, Avira's real-time scanner found the file TR/Dropper.gen on my system! What can I do so that this Trojan is removed properly? Please help! Thanks in advance. I have attached the log files below.

Code:
27.05.2013 19:05 [Real-time scanner] Malware found
In the file 'C:\Program Files (x86)\Internet Explorer\ielowutil.exe'
a virus or unwanted program 'TR/Dropper.Gen' [trojan] was found.
Action taken: Deny access

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [Administrator]

27.05.2013 21:59:48
mbam-log-2013-05-27 (21-59-48).txt

Scan type: Quick scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 224274
Time elapsed: 19 minute(s), 47 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 2
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1 (PUP.LoadTubes) -> No action taken.

Registry values detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Data: -> No action taken.

Registry data items detected: 0
(No malicious items detected)

Folders detected: 2
C:\Users\Dominic\AppData\Roaming\loadtbs (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> No action taken.

Files detected: 19
C:\Users\Dominic\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Local\Temp\ltbs.zip (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Local\Temp\ltsilentio\npm.dll (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Local\Temp\ltsilentio\ytdl.exe (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\Downloads\FlashPlayer_V.52359204c.exe (Adware.DomaIQ) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> No action taken.
C:\Users\Dominic\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> No action taken.

(end)
27.05.2013, 22:40 | #2 | /// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when does it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

First a check with OTL, please:
28.05.2013, 17:43 | #3

Hello cosinus, many thanks for the quick reply. As requested, the OTL log files.

Code:
OTL logfile created on: 28.05.2013 18:10:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominic\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,78% Memory free
7,73 Gb Paging File | 5,51 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 6,35 Gb Free Space | 4,41% Space Free | Partition Type: NTFS
Drive P: | 140,95 Gb Total Space | 22,53 Gb Free Space | 15,99% Space Free | Partition Type: NTFS

Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dominic\Downloads\OTL.exe (OldTimer Tools)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - P:\Program Files (x86)\open office\program\soffice.exe (OpenOffice.org)
PRC - P:\Program Files (x86)\open office\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - P:\Program Files (x86)\open office\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE419
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.0.202.145:8080

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: VLC Web Plugin (Enabled) = P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Dominic\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msigmg32.dll,doVdlgSCe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = P:\Program Files (x86)\open office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C715D9B-320F-4739-BACC-2B483D6DE224}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B692E382-B46B-49E0-8CA6-6356ABB96264}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim
{828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.28 18:08:15 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\loadtbs [2013.05.27 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\Dominic\Desktop\TR Dropper.Gen entdeckt - was tun - Trojaner-Board_files [2013.05.27 21:58:32 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\Malwarebytes [2013.05.27 21:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2013.05.27 21:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.27 21:58:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.27 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1 [2013.05.27 21:50:54 | 000,000,000 | ---D | C] -- C:\Navilog1 [2013.05.26 22:34:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2013.05.26 21:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [2013.05.26 21:16:55 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Local\Programs [2013.05.22 20:11:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.05.22 20:02:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.22 20:02:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.22 20:02:28 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.05.22 20:02:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.05.22 20:02:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.05.22 20:02:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.22 20:02:10 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.22 20:02:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.22 20:02:10 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.22 20:01:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.22 20:01:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.05.22 
20:01:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.05.22 20:01:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.05.22 20:01:46 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.05.22 20:01:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.05.22 20:01:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.05.22 20:00:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.05.21 21:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.05.21 09:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013 [2013.05.08 21:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.05.07 20:13:44 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.28 18:11:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 18:11:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.28 18:02:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.28 18:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.28 18:01:40 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2013.05.27 23:21:00 | 000,001,110 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.27 23:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.27 22:56:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job [2013.05.27 22:24:47 | 000,106,376 | ---- | M] () -- C:\Users\Dominic\Desktop\TR Dropper.Gen entdeckt - was tun - Trojaner-Board.htm [2013.05.27 22:24:09 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job [2013.05.27 21:58:05 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.27 19:12:18 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job [2013.05.27 19:03:36 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job [2013.05.26 22:33:16 | 000,000,848 | ---- | M] () -- C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.26 21:17:18 | 000,000,892 | ---- | M] () -- C:\Users\Dominic\Desktop\CrystalDiskInfo.lnk [2013.05.26 21:14:38 | 000,002,376 | ---- | M] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk [2013.05.26 17:48:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.26 17:48:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.26 17:48:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.26 17:48:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.26 17:48:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.26 17:41:27 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.22 20:11:04 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.22 11:27:48 | 000,000,622 | ---- | M] 
() -- C:\Windows\wiso.ini [2013.05.21 21:57:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2013.05.21 21:57:37 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2013.05.21 09:41:03 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.05.16 16:30:07 | 000,131,133 | ---- | M] () -- C:\Users\Dominic\Desktop\Germany.pdf [2013.05.07 20:13:09 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.27 22:24:45 | 000,106,376 | ---- | C] () -- C:\Users\Dominic\Desktop\TR Dropper.Gen entdeckt - was tun - Trojaner-Board.htm [2013.05.27 21:58:05 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.26 22:33:16 | 000,000,848 | ---- | C] () -- C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.26 21:17:18 | 000,000,892 | ---- | C] () -- C:\Users\Dominic\Desktop\CrystalDiskInfo.lnk [2013.05.26 21:14:38 | 000,002,376 | ---- | C] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk [2013.05.22 20:11:04 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.21 09:41:03 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.05.16 16:30:07 | 000,131,133 | ---- | C] () -- C:\Users\Dominic\Desktop\Germany.pdf [2013.01.13 22:07:13 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini [2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.04 02:51:44 | 000,007,625 | ---- | C] () -- C:\Users\Dominic\AppData\Local\Resmon.ResmonCfg [2011.09.13 
00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.09 22:19:02 | 000,003,584 | ---- | C] () -- C:\Users\Dominic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.01 20:31:53 | 000,000,718 | ---- | C] () -- C:\Windows\wininit.ini [2011.06.16 16:20:17 | 000,000,000 | ---- | C] () -- C:\Users\Dominic\AppData\Local\{71D90A8B-6C5B-4710-A01C-C37C344ADDC5} [2010.07.13 13:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.13 22:11:53 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Buhl Data Service [2013.05.28 18:21:59 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Dropbox [2013.03.07 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\DVDVideoSoft [2012.04.28 12:26:47 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers [2013.02.16 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\ICQ [2012.05.10 18:08:12 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Liteon [2013.05.28 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\loadtbs [2011.08.22 20:13:12 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\OpenOffice.org [2012.06.18 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Origin [2013.05.08 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\SoftGrid Client [2011.03.06 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\TP [2012.04.04 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Dominic\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.05.2013 18:10:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dominic\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,78% Memory free 7,73 Gb Paging File | 5,51 Gb Available in Paging File | 71,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,04 Gb Total Space | 6,35 Gb Free Space | 4,41% Space Free | Partition Type: NTFS Drive P: | 140,95 Gb Total Space | 22,53 Gb Free Space | 15,99% Space Free | Partition Type: NTFS Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14E6259D-7CDD-4800-BF6B-8C35C3BB4B20}" = lport=137 | protocol=17 | dir=in | app=system | "{190F95B1-8726-44BD-A2F5-7D1BF3118B6C}" = rport=445 | protocol=6 | dir=out | app=system | "{32E08E3E-B1A7-46A3-8C3A-AFD8268ADE5B}" = rport=138 | protocol=17 | dir=out | app=system | "{3B5081F0-E60E-4974-8574-9DE0CF601040}" = lport=139 | protocol=6 | dir=in | app=system | "{40A3B9F9-7BCB-4352-8B39-72142E4CE5B2}" = lport=138 | protocol=17 | dir=in | app=system | "{47624B65-154B-477D-BDE8-CB2FED391854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{65D69AAD-82A9-460E-9975-B3199647B736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74C31532-5E19-49AB-81FA-EC565319BD15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7A7CEDED-43BF-4C6A-9D5C-0F3F01605308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D97BF95-9C99-4F34-AA76-CCA434FEAFE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{92BF8E2F-6250-4F2B-A4FE-485A4BA42DC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{9593422A-D0BA-4917-ADA4-2A54F9626A12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9F871B61-2F4D-43FE-A4DB-8794B8FDAE82}" = lport=445 | protocol=6 | dir=in | app=system | "{A0B14462-58BB-4ADA-94B1-D3803018AF5B}" = rport=139 | protocol=6 | dir=out | app=system | "{C5958036-DDEA-42C9-838E-F6ACEFE33160}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F11453BE-E9EB-463B-A297-E8341FF94DD6}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08757FD3-9F8A-44FC-A6EE-13D53F9AA6B5}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{0BB7A654-9293-459D-8B3F-604F2C0B7270}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1E4DD80A-89C8-4AFE-BA16-D690A5DD0CEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{20CBF5AE-FD2C-4F7E-A354-4231E13F49A2}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe | "{2F326BE1-68C1-4269-9ABD-31E141F693A0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | "{343BA5FE-FD65-45A9-890C-BD0C2043EF2D}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{37B607D2-28D3-495D-B313-42CA11EDE166}" = protocol=17 | dir=in | app=p:\program files 
(x86)\icq7.5\icq.exe | "{46E028C5-7ADE-489D-A90C-0B6DADD22CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4B3E57D2-9A41-457D-B501-513FD8B54094}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{53293032-1630-4CD8-B120-BBF06396E67C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{5345F1C6-66FC-4190-AB45-BB4038C46AD4}" = protocol=6 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | "{54476611-C3DB-4820-81F6-5A0A3C85E69E}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{54E0361C-19B2-4C19-9D32-2F3F610ABE3A}" = protocol=6 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{572B3711-BF54-41B7-AEC5-FCA9C418BC47}" = dir=in | app=c:\users\dominic\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{59483C95-DD1D-4F44-BCD7-2E376C69F6C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5C2530E3-1490-4935-BFDA-BB9161C6009C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{5EEAAA19-4B88-47A9-A944-B1B8B024B9CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{61A0696F-8107-4884-BE12-5039B6A29E6B}" = protocol=17 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | "{6D63BD9D-CB0A-44D9-94D4-89B4D72F845B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{70B57DEF-6C03-4869-A565-E9E5BC21230B}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{7560CAD5-2833-444B-AF09-8700BA77F23C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{90B735A1-D8CB-4C01-8B67-B8141AAA886F}" = protocol=6 | dir=in | app=p:\program files 
(x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{966D2B8A-2F2E-4E5B-ACA3-5D31022FBEF5}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steam.exe | "{9BE989CB-5B6B-49B5-9DE2-D329E672C516}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steam.exe | "{9EEFF54A-F4A1-49A0-AFF5-A256FFD2E10A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AC3105C5-73D9-4BAD-BB8B-7FEE549B2C8E}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{BCFF1487-B704-4032-90FE-E334B80C6CE7}" = protocol=17 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{C16CA4B9-512B-46C3-8AB5-365DD481E6FE}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{CAF76FB7-DB93-4C61-B440-902AD7F380AB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{D9FAEB46-3C17-44A5-BAC2-EDB936E6283C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{F122F3B7-60C7-4638-B66D-6F5F2691FD81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{F55B3A92-27A4-4398-8AA4-546316115199}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | "TCP Query User{1FEB5430-C188-45DC-9E75-AB47420DA4E9}P:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{31EE6465-96D8-4DC1-84D2-6F276F930D11}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "TCP Query User{4DB65B7D-0F83-448C-9460-6B4272A03D9C}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | "TCP Query 
User{6E1B31C9-6EDC-4603-8801-6562B78A5CEF}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{BF37AD35-5AA9-4DC6-AC0D-F4D08BEE59F9}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{CBF5AEB9-C72F-46F2-BEE0-F04812CAD6D3}P:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=p:\programme\icq7.4\icq.exe | "TCP Query User{D10D88BE-7DCF-4AED-B1DC-39E6A2708E3F}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E3693444-3605-4CEA-BD2D-B8A7D7FB2F9F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{F07FA1AD-986B-4522-9A43-AFC20CC19C18}P:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "UDP Query User{26998D77-41A3-4134-930D-61A1AFF2F498}P:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{64708352-E5BE-465B-A972-4E301290222F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{680A7734-72A9-494B-948B-5F0803A57E99}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{70314CEB-91F2-4320-9FED-703FBBA243FA}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{82442E2F-13E5-46F4-832F-DC1306030EE2}P:\program files 
(x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "UDP Query User{D5A479AB-304F-4B22-8488-80B31339072F}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{D8252AF0-1AFA-4357-894C-4C0F9824466F}P:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=p:\programme\icq7.4\icq.exe | "UDP Query User{EFF1D862-EC0E-45A0-921D-DC05627472A2}P:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "UDP Query User{FF92CE33-8012-4EC7-B30C-27F8778E00E8}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit) "{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD 
Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager "{DE7BAEF8-C639-381A-D835-95BD517ED602}" = AMD Media Foundation Decoders "{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch "{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish "{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy "{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish "{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions 
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German "{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite 
"{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = Catalyst Control Center "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) "{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common 
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding "{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional "{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English "{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai "{FA602928-EB59-449c-B9F7-1FBE1291B63D}" = Syndicate™ "{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "ArgusMonitor" = ArgusMonitor "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "CrystalDiskInfo_is1" = CrystalDiskInfo 5.6.2 "ESN Sonar-0.70.3" = ESN Sonar "Fraps" = Fraps "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "loadtbs-2.1" = loadtbs-2.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PS3 Media Server" = PS3 Media Server "SopCast" = SopCast 3.4.0 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 55230" = Saints Row: The Third "VLC media player" = VLC media player 2.0.1 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.05.2012 08:32:33 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 26.05.2012 05:57:15 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 26.05.2012 12:32:58 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 27.05.2012 08:59:03 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 28.05.2012 07:20:03 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 29.05.2012 15:53:11 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815 Description 
= Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.
Error - 31.05.2012 08:58:49 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description =
Error - 01.06.2012 07:45:00 | Computer Name = Dominic-PC | Source = Customer Experience Improvement Program | ID = 1008 Description =
Error - 01.06.2012 08:24:13 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.
Error - 01.06.2012 17:56:30 | Computer Name = Dominic-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element assemblyIdentity is invalid.
[ System Events ]
Error - 26.05.2013 12:28:23 | Computer Name = Dominic-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 18:25:07 on 26.05.2013 was unexpected.
Error - 26.05.2013 14:53:45 | Computer Name = Dominic-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 20:52:01 on 26.05.2013 was unexpected.
Error - 26.05.2013 16:30:45 | Computer Name = Dominic-PC | Source = Ntfs | ID = 262281 Description = The transaction resource manager on volume "Yo-Safe" encountered a non-retryable error and could not start. The data contains the error code.
Error - 27.05.2013 12:58:11 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
Error - 27.05.2013 13:18:41 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7009 Description = A timeout (30000 milliseconds) was reached while waiting for the Windows Modules Installer service to connect.
Error - 27.05.2013 13:18:41 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7000 Description = The "Windows Modules Installer" service failed to start due to the following error: %%1053
Error - 27.05.2013 13:18:46 | Computer Name = Dominic-PC | Source = DCOM | ID = 10005 Description =
Error - 27.05.2013 16:09:44 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7009 Description = A timeout (30000 milliseconds) was reached while waiting for the Block Level Backup Engine Service to connect.
Error - 27.05.2013 16:09:44 | Computer Name = Dominic-PC | Source = Service Control Manager | ID = 7000 Description = The "Block Level Backup Engine Service" failed to start due to the following error: %%1053
Error - 27.05.2013 16:09:44 | Computer Name = Dominic-PC | Source = DCOM | ID = 10005 Description =
< End of report > |
28.05.2013, 23:25 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen found, what now? Then please run ComboFix now: Scan with ComboFix
__________________ Please always post logfiles in CODE tags |
29.05.2013, 16:11 | #5 |
| TR/Dropper.gen found, what now? Hello Cosinus, here is the logfile from ComboFix. Code:
ATTFilter ComboFix 13-05-29.01 - Dominic 29.05.2013 16:59:51.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2410 [GMT 2:00] ausgeführt von:: c:\users\Dominic\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-29 )))))))))))))))))))))))))))))) . . 2013-05-29 15:05 . 2013-05-29 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-28 16:09 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7B33253-835E-41E1-ADCE-BC0AAD166EA5}\mpengine.dll 2013-05-28 16:08 . 2013-05-28 16:08 -------- d-----w- c:\users\Dominic\AppData\Roaming\loadtbs 2013-05-27 19:58 . 2013-05-27 19:58 -------- d-----w- c:\users\Dominic\AppData\Roaming\Malwarebytes 2013-05-27 19:58 . 2013-05-27 19:58 -------- d-----w- c:\programdata\Malwarebytes 2013-05-27 19:58 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-27 19:55 . 2013-05-27 20:52 -------- d-----w- c:\program files (x86)\Navilog1 2013-05-27 19:50 . 2013-05-27 20:52 -------- d---a-w- C:\Navilog1 2013-05-26 19:16 . 2013-05-26 19:16 -------- d-----w- c:\users\Dominic\AppData\Local\Programs 2013-05-22 18:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-22 18:00 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-05-21 19:41 . 2013-05-21 19:41 -------- d-----w- c:\windows\system32\SPReview 2013-05-08 19:34 . 2013-05-08 19:34 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-05-07 18:13 . 
2013-05-07 18:13 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-06 14:46 . 2013-05-06 14:46 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-21 19:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-05-21 19:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-05-16 15:03 . 2011-02-19 17:23 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-11 19:18 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 00:06 . 2011-02-16 23:42 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-17 17:27 . 2013-04-17 17:27 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-17 17:27 . 2012-05-22 11:59 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-04-17 17:27 . 2011-02-24 22:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-17 14:29 . 2013-04-17 14:29 0 ----a-w- c:\windows\SysWow64\RENFDD3.tmp 2013-04-17 14:29 . 2013-04-17 14:29 0 ----a-w- c:\windows\SysWow64\RENFDD2.tmp 2013-04-13 05:49 . 2013-05-22 18:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-22 18:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-22 18:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-22 18:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-22 18:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-22 18:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 18:59 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 15:51 . 2013-04-10 15:51 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-10 15:51 . 
2011-06-12 13:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-31 22:42 . 2013-03-31 22:44 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-31 22:42 . 2013-03-31 22:44 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-31 22:42 . 2013-03-31 22:44 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-19 06:04 . 2013-04-09 18:24 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-09 18:24 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-09 18:24 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-09 18:24 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-09 18:24 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-09 18:24 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "avgnt"="p:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OpenOffice.org 3.4.1.lnk - p:\program files (x86)\open office\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] R3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys [x] R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 25088] R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 18432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-17 1255736] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-31 28600] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] S2 AntiVirSchedulerService;Avira Planer;p:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-31 86752] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files 
(x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 15:51] . 
2013-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job - c:\users\Dominic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 13:19] . 2013-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job - c:\users\Dominic\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-14 13:19] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-16 23:51] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-16 23:51] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job - c:\users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 23:50] . 2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job - c:\users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 23:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526
uInternet Settings,ProxyServer = 41.0.202.145:8080
IE: Free YouTube to MP3 Converter - c:\users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - p:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-29 17:07:35
ComboFix-quarantined-files.txt 2013-05-29 15:07
ComboFix2.txt 2013-05-29 14:25
.
Vor Suchlauf: 9.796.206.592 Bytes frei
Nach Suchlauf: 9.732.825.088 Bytes frei
.
- - End Of File - - E7B37B1BB2A932C672C383A90D19E0B2
29.05.2013, 23:00 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen found, what now?
Rootkit scan with GMER
Please download GMER: (file name is random)
Are there any problems?
Then please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper.
30.05.2013, 17:55 | #7 |
| TR/Dropper.gen found, what now? Hi Cosinus! Here is the logfile from "GMER": Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-30 15:37:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: w77yld2x.exe; Driver: C:\Users\Dominic\AppData\Local\Temp\pgliifod.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000760c1465 2 bytes [0C, 76]
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text  ...  * 2
.text  C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe[3300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69  00000000760c1465 2 bytes [0C, 76]
.text  C:\Users\Dominic\AppData\Roaming\Dropbox\bin\Dropbox.exe[3300] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text  ...  * 2
.text  P:\Program Files (x86)\open office\program\soffice.bin[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000760c1465 2 bytes [0C, 76]
.text  P:\Program Files (x86)\open office\program\soffice.bin[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000760c1465 2 bytes [0C, 76]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text  ...  * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000760c1465 2 bytes [0C, 76]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760c14bb 2 bytes [0C, 76]
.text  ...  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:4748]  0000000077357587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:2404]  0000000067810cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:4976]  0000000077bf2e25
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:5240]  0000000077bf3e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:5324]  0000000077bf3e45
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4508:5408]  0000000077bf3e45

---- EOF - GMER 2.1 ----

1. LOGFILE Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [administrator]

30.05.2013 18:10:47
mbar-log-2013-05-30 (18-10-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 239671
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Dominic\Downloads\FlashPlayer_V.52359204c.exe (Adware.DomaIQ) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [administrator]

30.05.2013 18:35:35
mbar-log-2013-05-30 (18-35-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 239588
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
30.05.2013, 22:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen found, what now?
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post logfiles in CODE tags
30.05.2013, 22:54 | #9 |
| TR/Dropper.gen found, what now? Hello, aswMBR file: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-30 23:28:14
-----------------------------
23:28:14.046  OS Version: Windows x64 6.1.7601 Service Pack 1
23:28:14.046  Number of processors: 4 586 0x2505
23:28:14.048  ComputerName: DOMINIC-PC  UserName: Dominic
23:28:16.478  Initialize success
23:29:24.123  AVAST engine defs: 13053001
23:29:42.433  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:29:42.439  Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:29:42.612  Disk 0 MBR read successfully
23:29:42.617  Disk 0 MBR scan
23:29:42.639  Disk 0 Windows 7 default MBR code
23:29:42.658  Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
23:29:42.679  Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
23:29:42.697  Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147502 MB offset 27469824
23:29:42.711  Disk 0 Partition - 00 0F Extended LBA 144329 MB offset 329553920
23:29:42.749  Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 144328 MB offset 329555968
23:29:42.948  Disk 0 scanning C:\Windows\system32\drivers
23:30:00.759  Service scanning
23:30:44.381  Modules scanning
23:30:44.736  Disk 0 trace - called modules:
23:30:44.749
23:30:45.783  AVAST engine scan C:\Windows
23:30:49.550  AVAST engine scan C:\Windows\system32
23:35:45.993  AVAST engine scan C:\Windows\system32\drivers
23:36:05.139  AVAST engine scan C:\Users\Dominic
23:43:24.677  AVAST engine scan C:\ProgramData
23:44:58.701  Scan finished successfully
23:48:42.882  Disk 0 MBR has been saved successfully to "C:\Users\Dominic\Desktop\MBR.dat"
23:48:42.898  The log file has been saved successfully to "C:\Users\Dominic\Desktop\aswMBR.txt"

Code:
23:49:33.0401 4700  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:49:33.0645 4700  ============================================================
23:49:33.0645 4700  Current date / time: 2013/05/30 23:49:33.0645
23:49:33.0645 4700  SystemInfo:
23:49:33.0645 4700
23:49:33.0645 4700  OS Version: 6.1.7601 ServicePack: 1.0
23:49:33.0645 4700  Product type: Workstation
23:49:33.0645 4700  ComputerName: DOMINIC-PC
23:49:33.0646 4700  UserName: Dominic
23:49:33.0646 4700  Windows directory: C:\Windows
23:49:33.0646 4700  System windows directory: C:\Windows
23:49:33.0646 4700  Running under WOW64
23:49:33.0646 4700  Processor architecture: Intel x64
23:49:33.0646 4700  Number of processors: 4
23:49:33.0646 4700  Page size: 0x1000
23:49:33.0646 4700  Boot type: Normal boot
23:49:33.0646 4700  ============================================================
23:49:34.0522 4700  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:49:34.0534 4700  ============================================================
23:49:34.0534 4700  \Device\Harddisk0\DR0:
23:49:34.0534 4700  MBR partitions:
23:49:34.0534 4700  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
23:49:34.0534 4700  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x12017000
23:49:34.0554 4700  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13A4A000, BlocksNum 0x119E4000
23:49:34.0554 4700  ============================================================
23:49:34.0586 4700  C: <-> \Device\Harddisk0\DR0\Partition2
23:49:34.0617 4700  P: <-> \Device\Harddisk0\DR0\Partition3
23:49:34.0655 4700  ============================================================
23:49:34.0655 4700  Initialize success
23:49:34.0655 4700  ============================================================
23:50:49.0528 3804
[ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:51:08.0763 3804 LSI_SAS - ok 23:51:08.0778 3804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:51:08.0809 3804 LSI_SAS2 - ok 23:51:08.0825 3804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:51:08.0856 3804 LSI_SCSI - ok 23:51:08.0872 3804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:51:08.0981 3804 luafv - ok 23:51:09.0012 3804 mbamswissarmy - ok 23:51:09.0028 3804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:51:09.0043 3804 megasas - ok 23:51:09.0075 3804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:51:09.0121 3804 MegaSR - ok 23:51:09.0137 3804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:51:09.0246 3804 MMCSS - ok 23:51:09.0262 3804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:51:09.0371 3804 Modem - ok 23:51:09.0402 3804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:51:09.0449 3804 monitor - ok 23:51:09.0480 3804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 23:51:09.0496 3804 mouclass - ok 23:51:09.0527 3804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:51:09.0574 3804 mouhid - ok 23:51:09.0621 3804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:51:09.0652 3804 mountmgr - ok 23:51:09.0683 3804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:51:09.0714 3804 mpio - ok 23:51:09.0761 3804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:51:09.0839 3804 mpsdrv - ok 23:51:09.0886 3804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:51:10.0026 
3804 MpsSvc - ok 23:51:10.0057 3804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:51:10.0120 3804 MRxDAV - ok 23:51:10.0151 3804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:51:10.0198 3804 mrxsmb - ok 23:51:10.0229 3804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:51:10.0276 3804 mrxsmb10 - ok 23:51:10.0291 3804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:51:10.0338 3804 mrxsmb20 - ok 23:51:10.0385 3804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:51:10.0416 3804 msahci - ok 23:51:10.0447 3804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:51:10.0479 3804 msdsm - ok 23:51:10.0510 3804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:51:10.0572 3804 MSDTC - ok 23:51:10.0619 3804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:51:10.0713 3804 Msfs - ok 23:51:10.0728 3804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:51:10.0822 3804 mshidkmdf - ok 23:51:10.0837 3804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:51:10.0869 3804 msisadrv - ok 23:51:10.0900 3804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:51:10.0993 3804 MSiSCSI - ok 23:51:10.0993 3804 msiserver - ok 23:51:11.0009 3804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:51:11.0103 3804 MSKSSRV - ok 23:51:11.0103 3804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:51:11.0196 3804 MSPCLOCK - ok 23:51:11.0227 3804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:51:11.0321 3804 MSPQM - ok 23:51:11.0352 3804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 23:51:11.0399 3804 MsRPC - ok 23:51:11.0430 3804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:51:11.0461 3804 mssmbios - ok 23:51:11.0477 3804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:51:11.0586 3804 MSTEE - ok 23:51:11.0586 3804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:51:11.0617 3804 MTConfig - ok 23:51:11.0633 3804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:51:11.0664 3804 Mup - ok 23:51:11.0695 3804 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 23:51:11.0727 3804 mwlPSDFilter - ok 23:51:11.0727 3804 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 23:51:11.0758 3804 mwlPSDNServ - ok 23:51:11.0773 3804 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 23:51:11.0789 3804 mwlPSDVDisk - ok 23:51:11.0851 3804 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 23:51:11.0883 3804 MWLService - ok 23:51:11.0929 3804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:51:12.0039 3804 napagent - ok 23:51:12.0085 3804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:51:12.0148 3804 NativeWifiP - ok 23:51:12.0210 3804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:51:12.0273 3804 NDIS - ok 23:51:12.0319 3804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:51:12.0429 3804 NdisCap - ok 23:51:12.0444 3804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:51:12.0538 3804 NdisTapi - ok 23:51:12.0569 3804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 
23:51:12.0678 3804 Ndisuio - ok 23:51:12.0709 3804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:51:12.0819 3804 NdisWan - ok 23:51:12.0834 3804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:51:12.0943 3804 NDProxy - ok 23:51:12.0975 3804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:51:13.0068 3804 NetBIOS - ok 23:51:13.0115 3804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:51:13.0209 3804 NetBT - ok 23:51:13.0240 3804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 23:51:13.0271 3804 Netlogon - ok 23:51:13.0302 3804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:51:13.0427 3804 Netman - ok 23:51:13.0458 3804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:51:13.0567 3804 netprofm - ok 23:51:13.0599 3804 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:51:13.0630 3804 NetTcpPortSharing - ok 23:51:13.0661 3804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:51:13.0692 3804 nfrd960 - ok 23:51:13.0755 3804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:51:13.0786 3804 NlaSvc - ok 23:51:13.0833 3804 [ 903681BAB213D5F84717C0FC42AFB28A ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 23:51:13.0926 3804 nmwcd - ok 23:51:13.0926 3804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:51:14.0035 3804 Npfs - ok 23:51:14.0067 3804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:51:14.0176 3804 nsi - ok 23:51:14.0207 3804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:51:14.0316 3804 nsiproxy - ok 23:51:14.0394 3804 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs 
C:\Windows\system32\drivers\Ntfs.sys 23:51:14.0488 3804 Ntfs - ok 23:51:14.0566 3804 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 23:51:14.0597 3804 NTI IScheduleSvc - ok 23:51:14.0613 3804 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 23:51:14.0644 3804 NTIDrvr - ok 23:51:14.0659 3804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:51:14.0769 3804 Null - ok 23:51:14.0831 3804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:51:14.0862 3804 nvraid - ok 23:51:14.0878 3804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:51:14.0909 3804 nvstor - ok 23:51:14.0956 3804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:51:14.0987 3804 nv_agp - ok 23:51:15.0018 3804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:51:15.0065 3804 ohci1394 - ok 23:51:15.0112 3804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:51:15.0143 3804 ose - ok 23:51:15.0315 3804 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:51:15.0595 3804 osppsvc - ok 23:51:15.0642 3804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:51:15.0705 3804 p2pimsvc - ok 23:51:15.0751 3804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:51:15.0798 3804 p2psvc - ok 23:51:15.0814 3804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:51:15.0861 3804 Parport - ok 23:51:15.0907 3804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:51:15.0939 3804 partmgr - ok 23:51:15.0954 3804 [ 3AEAA8B561E63452C655DC0584922257 ] 
PcaSvc C:\Windows\System32\pcasvc.dll 23:51:16.0017 3804 PcaSvc - ok 23:51:16.0048 3804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:51:16.0079 3804 pci - ok 23:51:16.0110 3804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:51:16.0141 3804 pciide - ok 23:51:16.0157 3804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:51:16.0188 3804 pcmcia - ok 23:51:16.0219 3804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:51:16.0251 3804 pcw - ok 23:51:16.0282 3804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:51:16.0391 3804 PEAUTH - ok 23:51:16.0500 3804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:51:16.0547 3804 PerfHost - ok 23:51:16.0625 3804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:51:16.0765 3804 pla - ok 23:51:16.0812 3804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:51:16.0890 3804 PlugPlay - ok 23:51:16.0921 3804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:51:16.0937 3804 PNRPAutoReg - ok 23:51:16.0968 3804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:51:16.0999 3804 PNRPsvc - ok 23:51:17.0031 3804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:51:17.0155 3804 PolicyAgent - ok 23:51:17.0202 3804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:51:17.0296 3804 Power - ok 23:51:17.0327 3804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:51:17.0421 3804 PptpMiniport - ok 23:51:17.0452 3804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:51:17.0483 3804 Processor - ok 23:51:17.0514 3804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 
23:51:17.0577 3804 ProfSvc - ok 23:51:17.0592 3804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:51:17.0623 3804 ProtectedStorage - ok 23:51:17.0670 3804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:51:17.0764 3804 Psched - ok 23:51:17.0842 3804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:51:17.0935 3804 ql2300 - ok 23:51:17.0935 3804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:51:17.0967 3804 ql40xx - ok 23:51:17.0998 3804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:51:18.0045 3804 QWAVE - ok 23:51:18.0060 3804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:51:18.0107 3804 QWAVEdrv - ok 23:51:18.0123 3804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:51:18.0232 3804 RasAcd - ok 23:51:18.0263 3804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:51:18.0372 3804 RasAgileVpn - ok 23:51:18.0403 3804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:51:18.0497 3804 RasAuto - ok 23:51:18.0528 3804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:51:18.0637 3804 Rasl2tp - ok 23:51:18.0669 3804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:51:18.0825 3804 RasMan - ok 23:51:18.0871 3804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:51:18.0965 3804 RasPppoe - ok 23:51:18.0981 3804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:51:19.0074 3804 RasSstp - ok 23:51:19.0121 3804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:51:19.0230 3804 rdbss - ok 23:51:19.0246 3804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus 
C:\Windows\system32\DRIVERS\rdpbus.sys 23:51:19.0277 3804 rdpbus - ok 23:51:19.0308 3804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:51:19.0417 3804 RDPCDD - ok 23:51:19.0433 3804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:51:19.0558 3804 RDPENCDD - ok 23:51:19.0605 3804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:51:19.0698 3804 RDPREFMP - ok 23:51:19.0729 3804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:51:19.0792 3804 RDPWD - ok 23:51:19.0839 3804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:51:19.0885 3804 rdyboost - ok 23:51:19.0917 3804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:51:20.0010 3804 RemoteAccess - ok 23:51:20.0041 3804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:51:20.0151 3804 RemoteRegistry - ok 23:51:20.0166 3804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:51:20.0260 3804 RpcEptMapper - ok 23:51:20.0275 3804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:51:20.0307 3804 RpcLocator - ok 23:51:20.0338 3804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:51:20.0447 3804 RpcSs - ok 23:51:20.0478 3804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:51:20.0587 3804 rspndr - ok 23:51:20.0650 3804 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 23:51:20.0681 3804 RSUSBSTOR - ok 23:51:20.0728 3804 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 23:51:20.0759 3804 RTHDMIAzAudService - ok 23:51:20.0759 3804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:51:20.0790 3804 SamSs - ok 23:51:20.0821 3804 [ 
AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:51:20.0853 3804 sbp2port - ok 23:51:20.0884 3804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:51:20.0977 3804 SCardSvr - ok 23:51:21.0009 3804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:51:21.0102 3804 scfilter - ok 23:51:21.0149 3804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:51:21.0274 3804 Schedule - ok 23:51:21.0305 3804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:51:21.0399 3804 SCPolicySvc - ok 23:51:21.0414 3804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:51:21.0461 3804 SDRSVC - ok 23:51:21.0492 3804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:51:21.0601 3804 secdrv - ok 23:51:21.0633 3804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:51:21.0742 3804 seclogon - ok 23:51:21.0789 3804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 23:51:21.0882 3804 SENS - ok 23:51:21.0913 3804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:51:21.0960 3804 SensrSvc - ok 23:51:21.0991 3804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:51:22.0023 3804 Serenum - ok 23:51:22.0038 3804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:51:22.0069 3804 Serial - ok 23:51:22.0101 3804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:51:22.0132 3804 sermouse - ok 23:51:22.0163 3804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:51:22.0272 3804 SessionEnv - ok 23:51:22.0319 3804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:51:22.0366 3804 sffdisk - ok 23:51:22.0366 3804 [ 
FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:51:22.0397 3804 sffp_mmc - ok 23:51:22.0413 3804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:51:22.0459 3804 sffp_sd - ok 23:51:22.0491 3804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:51:22.0522 3804 sfloppy - ok 23:51:22.0600 3804 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 23:51:22.0647 3804 Sftfs - ok 23:51:22.0709 3804 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 23:51:22.0756 3804 sftlist - ok 23:51:22.0787 3804 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 23:51:22.0818 3804 Sftplay - ok 23:51:22.0849 3804 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 23:51:22.0865 3804 Sftredir - ok 23:51:22.0896 3804 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 23:51:22.0912 3804 Sftvol - ok 23:51:22.0959 3804 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 23:51:22.0990 3804 sftvsa - ok 23:51:23.0021 3804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:51:23.0115 3804 SharedAccess - ok 23:51:23.0161 3804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:51:23.0271 3804 ShellHWDetection - ok 23:51:23.0317 3804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:51:23.0333 3804 SiSRaid2 - ok 23:51:23.0349 3804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:51:23.0380 3804 SiSRaid4 - ok 23:51:23.0567 3804 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 23:51:23.0739 
3804 Skype C2C Service - ok 23:51:23.0895 3804 [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 23:51:23.0926 3804 SkypeUpdate - ok 23:51:23.0941 3804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:51:24.0051 3804 Smb - ok 23:51:24.0097 3804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:51:24.0129 3804 SNMPTRAP - ok 23:51:24.0144 3804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:51:24.0175 3804 spldr - ok 23:51:24.0207 3804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:51:24.0269 3804 Spooler - ok 23:51:24.0394 3804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:51:24.0659 3804 sppsvc - ok 23:51:24.0690 3804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:51:24.0784 3804 sppuinotify - ok 23:51:24.0815 3804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:51:24.0877 3804 srv - ok 23:51:24.0924 3804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:51:24.0955 3804 srv2 - ok 23:51:24.0971 3804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:51:25.0002 3804 srvnet - ok 23:51:25.0049 3804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:51:25.0143 3804 SSDPSRV - ok 23:51:25.0158 3804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:51:25.0267 3804 SstpSvc - ok 23:51:25.0330 3804 Steam Client Service - ok 23:51:25.0345 3804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:51:25.0377 3804 stexstor - ok 23:51:25.0423 3804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:51:25.0501 3804 stisvc - ok 23:51:25.0533 3804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum 
C:\Windows\system32\drivers\swenum.sys 23:51:25.0548 3804 swenum - ok 23:51:25.0579 3804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:51:25.0689 3804 swprv - ok 23:51:25.0735 3804 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 23:51:25.0767 3804 SynTP - ok 23:51:25.0845 3804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:51:25.0954 3804 SysMain - ok 23:51:25.0985 3804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:51:26.0032 3804 TabletInputService - ok 23:51:26.0079 3804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:51:26.0188 3804 TapiSrv - ok 23:51:26.0219 3804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:51:26.0313 3804 TBS - ok 23:51:26.0391 3804 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:51:26.0500 3804 Tcpip - ok 23:51:26.0562 3804 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:51:26.0656 3804 TCPIP6 - ok 23:51:26.0703 3804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:51:26.0749 3804 tcpipreg - ok 23:51:26.0781 3804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:51:26.0843 3804 TDPIPE - ok 23:51:26.0859 3804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:51:26.0890 3804 TDTCP - ok 23:51:26.0921 3804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:51:27.0030 3804 tdx - ok 23:51:27.0061 3804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:51:27.0077 3804 TermDD - ok 23:51:27.0124 3804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:51:27.0249 3804 TermService - ok 23:51:27.0280 3804 [ F0344071948D1A1FA732231785A0664C ] Themes 
C:\Windows\system32\themeservice.dll 23:51:27.0311 3804 Themes - ok 23:51:27.0342 3804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:51:27.0436 3804 THREADORDER - ok 23:51:27.0467 3804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:51:27.0561 3804 TrkWks - ok 23:51:27.0623 3804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:51:27.0717 3804 TrustedInstaller - ok 23:51:27.0748 3804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:51:27.0841 3804 tssecsrv - ok 23:51:27.0873 3804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:51:27.0919 3804 TsUsbFlt - ok 23:51:27.0951 3804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:51:28.0075 3804 tunnel - ok 23:51:28.0107 3804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:51:28.0138 3804 uagp35 - ok 23:51:28.0169 3804 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 23:51:28.0185 3804 UBHelper - ok 23:51:28.0216 3804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:51:28.0325 3804 udfs - ok 23:51:28.0356 3804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:51:28.0387 3804 UI0Detect - ok 23:51:28.0403 3804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:51:28.0419 3804 uliagpkx - ok 23:51:28.0481 3804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:51:28.0512 3804 umbus - ok 23:51:28.0543 3804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:51:28.0575 3804 UmPass - ok 23:51:28.0684 3804 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 23:51:28.0809 3804 UNS - ok 
23:51:28.0840 3804 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 23:51:28.0871 3804 Updater Service - ok 23:51:28.0902 3804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:51:29.0027 3804 upnphost - ok 23:51:29.0058 3804 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:51:29.0121 3804 usbccgp - ok 23:51:29.0167 3804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:51:29.0230 3804 usbcir - ok 23:51:29.0261 3804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:51:29.0292 3804 usbehci - ok 23:51:29.0339 3804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:51:29.0370 3804 usbhub - ok 23:51:29.0401 3804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:51:29.0433 3804 usbohci - ok 23:51:29.0448 3804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:51:29.0495 3804 usbprint - ok 23:51:29.0526 3804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 23:51:29.0589 3804 USBSTOR - ok 23:51:29.0635 3804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:51:29.0682 3804 usbuhci - ok 23:51:29.0729 3804 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 23:51:29.0791 3804 usbvideo - ok 23:51:29.0838 3804 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 23:51:29.0869 3804 usb_rndisx - ok 23:51:29.0901 3804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:51:29.0994 3804 UxSms - ok 23:51:30.0025 3804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:51:30.0057 3804 VaultSvc - ok 23:51:30.0072 3804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot 
\Device\Harddisk0\DR0\Partition3
23:51:36.0094 3804 \Device\Harddisk0\DR0\Partition3 - ok
23:51:36.0094 3804 ============================================================
23:51:36.0094 3804 Scan finished
23:51:36.0094 3804 ============================================================
23:51:36.0109 5760 Detected object count: 1
23:51:36.0109 5760 Actual detected object count: 1
23:51:44.0393 5760 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user
23:51:44.0393 5760 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:51:46.0998 5608 Deinitialize success |
30.05.2013, 23:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen found, what now? JRT - Junkware Removal Tool: Please close your protection software first to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags |
31.05.2013, 12:59 | #11 |
| TR/Dropper.gen found, what now? Hello dear helper, JRT file: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dominic on 31.05.2013 at 13:23:51,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Dominic\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Dominic\AppData\Roaming\loadtbs"
Successfully deleted: [Folder] "C:\Users\Dominic\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Dominic\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{01F8FB6B-207B-48C9-B351-9A5563140397}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{02542B20-474F-4DBD-A0EA-B7656E9AF210}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{058E23C7-8ABE-4BDD-AB33-A58FA6BF51CD}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{062F9E00-A287-41B8-AB4E-8CAF9DB5AAAB}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{078E8AF3-991D-4CD9-B6EF-A25EF9F83B15}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{08328267-1E66-4684-996D-30996436905D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{0B8337BC-DB7D-42F7-8E2E-62966606ACBF}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{0D9851FB-30C1-4C7F-BF30-E97637B5A00C}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{0EED2D60-EDCD-4E8D-AB1B-171C2BAFFF5A}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{1118CAD1-8D1A-48AD-A9E4-CEEAD05C058D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{1642E000-93D8-479D-B9C1-CC6FE60FF7DA}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{16C69E5D-315B-466F-8E91-D2ED273ED65D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{1794741C-5698-4054-98AC-BC2EAAA41357}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{199C5ED8-3EC8-4449-B486-89AD49EA861F}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{1E8CD9C2-ACE5-4EBE-B332-4C27D6D5BD6F}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{21BAF03E-C26A-489F-A6A5-84F63DA6C184}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{22A7B144-AD9F-4712-BE60-5360FB963FCB}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{2444176C-FD64-46C7-969D-BA281F393F4B}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{2900A96A-9FBE-4ECE-AE87-B1F22CE98376}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{292FA6BC-F751-49C4-A9AD-6DFAACC39BB6}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{29D61218-3FD6-4A0D-A4DB-68A320ACEF86}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{2A4F6EE6-7EE2-4474-99A1-D0A1588CB912}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{2BC6CAF2-2777-4968-9D7F-0C04E25D426D}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{2EF45248-8A29-4D80-B83A-A7EE077FEECE}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{2F6583DC-1F83-48E9-9F5D-EE0BEEC562E6}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{30B1C8EB-19BE-48F2-874A-97E86CDD7042}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{30F8C236-D7E5-4ED7-A77A-315B80385C6C}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F443DC3F-5370-45D0-8D45-F45AE08D5336}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{F5FF6A74-3848-488A-87E5-398ADC258003}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{FA6D9212-29CF-431B-827D-95FD20AE03ED}
Successfully deleted: [Empty Folder] C:\Users\Dominic\appdata\local\{FAEF6DD1-B82D-4EFF-9971-5FA3A75112BB}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2013 at 13:30:22,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.301 - Datei am 31/05/2013 um 13:32:07 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dominic - DOMINIC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominic\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2418 octets] - [31/05/2013 13:32:07]

########## EOF - C:\AdwCleaner[S1].txt - [2478 octets] ##########
Code:
OTL logfile created on: 31.05.2013 13:37:11 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominic\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,15% Memory free
7,73 Gb Paging File | 6,23 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 9,09 Gb Free Space | 6,31% Space Free | Partition Type: NTFS
Drive P: | 140,95 Gb Total Space | 22,56 Gb Free Space | 16,01% Space Free | Partition Type: NTFS

Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dominic\Desktop\OTL.exe (OldTimer Tools)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- P:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) 
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273602118105l0484z145v48m22526 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope 
= IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 41.0.202.145:8080 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dominic\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominic\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Dominic\AppData\Roaming\Mozilla\plugins\npo1d.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR 
- plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dominic\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: VLC Web Plugin (Enabled) = P:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - Extension: YouTube = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Skype Click to Call = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ CHR - Extension: Google Mail = C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.05.29 16:44:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] P:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dominic\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C715D9B-320F-4739-BACC-2B483D6DE224}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B692E382-B46B-49E0-8CA6-6356ABB96264}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.31 13:23:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.31 13:23:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.31 13:20:56 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Dominic\Desktop\JRT.exe [2013.05.30 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\Unified Remote [2013.05.30 18:09:15 | 000,000,000 | ---D | C] -- C:\Users\Dominic\Desktop\mbar [2013.05.30 15:13:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.29 16:02:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.29 16:02:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.29 16:02:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.29 16:01:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.29 16:00:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.29 15:56:31 | 005,073,804 | R--- | C] (Swearware) -- C:\Users\Dominic\Desktop\ComboFix.exe [2013.05.28 18:07:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dominic\Desktop\OTL.exe [2013.05.27 21:58:32 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Roaming\Malwarebytes [2013.05.27 21:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.27 21:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.27 21:58:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.27 21:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1 [2013.05.27 21:50:54 | 000,000,000 | ---D | C] -- C:\Navilog1 [2013.05.26 22:34:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2013.05.26 21:16:55 | 000,000,000 | ---D | C] -- C:\Users\Dominic\AppData\Local\Programs [2013.05.22 20:11:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.05.22 20:02:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.22 20:02:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.22 20:02:28 | 000,226,816 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.05.22 20:02:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.05.22 20:02:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.05.22 20:02:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.22 20:02:10 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.22 20:02:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.22 20:02:10 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.22 20:01:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.22 20:01:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.05.22 20:01:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.05.22 20:01:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.05.22 20:01:46 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.05.22 20:01:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.05.22 20:01:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.05.22 20:01:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.05.22 20:00:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.05.21 21:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.05.21 09:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013 [2013.05.08 
21:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.05.07 20:13:44 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.31 13:41:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.31 13:41:06 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.31 13:34:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.31 13:33:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.31 13:33:08 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2013.05.31 13:24:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job [2013.05.31 13:21:33 | 000,632,031 | ---- | M] () -- C:\Users\Dominic\Desktop\adwcleaner.exe [2013.05.31 13:21:07 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Dominic\Desktop\JRT.exe [2013.05.31 13:21:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.31 13:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.30 23:56:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000UA.job [2013.05.30 23:48:42 | 000,000,512 | ---- | M] () -- C:\Users\Dominic\Desktop\MBR.dat [2013.05.30 20:19:30 | 000,000,801 | ---- | M] () -- C:\Users\Dominic\Desktop\Unified Remote.lnk [2013.05.30 18:56:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job [2013.05.30 18:09:23 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.30 18:09:23 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.30 18:09:23 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.30 18:09:23 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.30 18:09:23 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.30 15:18:55 | 013,169,742 | ---- | M] () -- C:\Users\Dominic\Desktop\mbar-1.06.0.1003.zip [2013.05.30 15:16:50 | 000,377,856 | ---- | M] () -- C:\Users\Dominic\Desktop\w77yld2x.exe [2013.05.29 16:44:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.29 16:24:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3059594977-1893981943-3680611722-1000Core.job [2013.05.29 15:56:48 | 005,073,804 | R--- | M] (Swearware) -- C:\Users\Dominic\Desktop\ComboFix.exe [2013.05.28 19:53:44 | 000,002,384 | ---- | M] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk [2013.05.28 18:07:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dominic\Desktop\OTL.exe [2013.05.27 21:58:05 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 
[2013.05.26 17:41:27 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.22 20:11:04 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.22 11:27:48 | 000,000,622 | ---- | M] () -- C:\Windows\wiso.ini [2013.05.21 21:57:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2013.05.21 21:57:37 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2013.05.21 09:41:03 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.05.16 16:30:07 | 000,131,133 | ---- | M] () -- C:\Users\Dominic\Desktop\Germany.pdf [2013.05.07 20:13:09 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.31 13:21:22 | 000,632,031 | ---- | C] () -- C:\Users\Dominic\Desktop\adwcleaner.exe [2013.05.30 23:48:42 | 000,000,512 | ---- | C] () -- C:\Users\Dominic\Desktop\MBR.dat [2013.05.30 20:19:30 | 000,000,801 | ---- | C] () -- C:\Users\Dominic\Desktop\Unified Remote.lnk [2013.05.30 15:18:24 | 013,169,742 | ---- | C] () -- C:\Users\Dominic\Desktop\mbar-1.06.0.1003.zip [2013.05.30 15:16:36 | 000,377,856 | ---- | C] () -- C:\Users\Dominic\Desktop\w77yld2x.exe [2013.05.29 16:02:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.29 16:02:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.29 16:02:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.29 16:02:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.29 16:02:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.27 21:58:05 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.26 21:14:38 | 000,002,384 | ---- | C] () -- C:\Users\Dominic\Desktop\Google Chrome.lnk [2013.05.22 20:11:04 | 000,000,933 | ---- | C] () -- 
C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.21 09:41:03 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.05.16 16:30:07 | 000,131,133 | ---- | C] () -- C:\Users\Dominic\Desktop\Germany.pdf [2013.01.13 22:07:13 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini [2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.04 02:51:44 | 000,007,625 | ---- | C] () -- C:\Users\Dominic\AppData\Local\Resmon.ResmonCfg [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.09 22:19:02 | 000,003,584 | ---- | C] () -- C:\Users\Dominic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.16 16:20:17 | 000,000,000 | ---- | C] () -- C:\Users\Dominic\AppData\Local\{71D90A8B-6C5B-4710-A01C-C37C344ADDC5} ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57 < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.05.2013 13:37:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dominic\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,15% Memory free 7,73 Gb Paging File | 6,23 Gb Available in Paging File | 80,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,04 Gb Total Space | 9,09 Gb Free Space | 6,31% Space Free | Partition Type: NTFS Drive P: | 140,95 Gb Total Space | 22,56 Gb Free Space | 16,01% Space Free | Partition Type: NTFS Computer Name: DOMINIC-PC | User Name: Dominic | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "P:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14E6259D-7CDD-4800-BF6B-8C35C3BB4B20}" = lport=137 | protocol=17 | dir=in | app=system | "{190F95B1-8726-44BD-A2F5-7D1BF3118B6C}" = rport=445 | protocol=6 | dir=out | app=system | "{32E08E3E-B1A7-46A3-8C3A-AFD8268ADE5B}" = rport=138 | protocol=17 | dir=out | app=system | "{3B5081F0-E60E-4974-8574-9DE0CF601040}" = lport=139 | protocol=6 | dir=in | app=system | "{40A3B9F9-7BCB-4352-8B39-72142E4CE5B2}" = lport=138 | protocol=17 | dir=in | app=system | "{47624B65-154B-477D-BDE8-CB2FED391854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{65D69AAD-82A9-460E-9975-B3199647B736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{74C31532-5E19-49AB-81FA-EC565319BD15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7A7CEDED-43BF-4C6A-9D5C-0F3F01605308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D97BF95-9C99-4F34-AA76-CCA434FEAFE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{92BF8E2F-6250-4F2B-A4FE-485A4BA42DC2}" = lport=2869 | protocol=6 | dir=in | app=system | "{9593422A-D0BA-4917-ADA4-2A54F9626A12}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9F871B61-2F4D-43FE-A4DB-8794B8FDAE82}" = lport=445 | protocol=6 | dir=in | app=system | "{A0B14462-58BB-4ADA-94B1-D3803018AF5B}" = rport=139 | protocol=6 | dir=out | app=system | "{C5958036-DDEA-42C9-838E-F6ACEFE33160}" = rport=5355 | protocol=17 
| dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F11453BE-E9EB-463B-A297-E8341FF94DD6}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08757FD3-9F8A-44FC-A6EE-13D53F9AA6B5}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{0BB7A654-9293-459D-8B3F-604F2C0B7270}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1E4DD80A-89C8-4AFE-BA16-D690A5DD0CEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{20CBF5AE-FD2C-4F7E-A354-4231E13F49A2}" = dir=out | app=%programfiles% (x86)\skype\phone\skype.exe | "{2F326BE1-68C1-4269-9ABD-31E141F693A0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | "{343BA5FE-FD65-45A9-890C-BD0C2043EF2D}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{37B607D2-28D3-495D-B313-42CA11EDE166}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{46E028C5-7ADE-489D-A90C-0B6DADD22CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4B3E57D2-9A41-457D-B501-513FD8B54094}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{53293032-1630-4CD8-B120-BBF06396E67C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{5345F1C6-66FC-4190-AB45-BB4038C46AD4}" = protocol=6 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | "{54476611-C3DB-4820-81F6-5A0A3C85E69E}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{54E0361C-19B2-4C19-9D32-2F3F610ABE3A}" = protocol=6 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{572B3711-BF54-41B7-AEC5-FCA9C418BC47}" = dir=in | app=c:\users\dominic\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{59483C95-DD1D-4F44-BCD7-2E376C69F6C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5C2530E3-1490-4935-BFDA-BB9161C6009C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{5EEAAA19-4B88-47A9-A944-B1B8B024B9CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{61A0696F-8107-4884-BE12-5039B6A29E6B}" = protocol=17 | dir=in | app=p:\program files (x86)\origin\syndicate\system\win32_x86_release\syndicate.exe | "{6D63BD9D-CB0A-44D9-94D4-89B4D72F845B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{70B57DEF-6C03-4869-A565-E9E5BC21230B}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{7560CAD5-2833-444B-AF09-8700BA77F23C}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{90B735A1-D8CB-4C01-8B67-B8141AAA886F}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{966D2B8A-2F2E-4E5B-ACA3-5D31022FBEF5}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steam.exe | "{9BE989CB-5B6B-49B5-9DE2-D329E672C516}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steam.exe | "{9EEFF54A-F4A1-49A0-AFF5-A256FFD2E10A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AC3105C5-73D9-4BAD-BB8B-7FEE549B2C8E}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{BCFF1487-B704-4032-90FE-E334B80C6CE7}" = protocol=17 | dir=in | app=p:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{C16CA4B9-512B-46C3-8AB5-365DD481E6FE}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "{CAF76FB7-DB93-4C61-B440-902AD7F380AB}" = dir=in | app=c:\program files (x86)\windows 
live\sync\windowslivesync.exe | "{D9FAEB46-3C17-44A5-BAC2-EDB936E6283C}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{F122F3B7-60C7-4638-B66D-6F5F2691FD81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{F55B3A92-27A4-4398-8AA4-546316115199}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | "TCP Query User{1CFB7FCD-30C0-454B-9BCA-67D80AAA3D07}P:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=p:\program files (x86)\unified remote\remoteserver.exe | "TCP Query User{1FEB5430-C188-45DC-9E75-AB47420DA4E9}P:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{31EE6465-96D8-4DC1-84D2-6F276F930D11}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "TCP Query User{4DB65B7D-0F83-448C-9460-6B4272A03D9C}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{6E1B31C9-6EDC-4603-8801-6562B78A5CEF}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{BF37AD35-5AA9-4DC6-AC0D-F4D08BEE59F9}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{CBF5AEB9-C72F-46F2-BEE0-F04812CAD6D3}P:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=p:\programme\icq7.4\icq.exe | "TCP Query User{D10D88BE-7DCF-4AED-B1DC-39E6A2708E3F}P:\program files 
(x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{E3693444-3605-4CEA-BD2D-B8A7D7FB2F9F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{F07FA1AD-986B-4522-9A43-AFC20CC19C18}P:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "UDP Query User{26998D77-41A3-4134-930D-61A1AFF2F498}P:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{64708352-E5BE-465B-A972-4E301290222F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{680A7734-72A9-494B-948B-5F0803A57E99}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{70314CEB-91F2-4320-9FED-703FBBA243FA}C:\users\dominic\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\dominic\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{82442E2F-13E5-46F4-832F-DC1306030EE2}P:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "UDP Query User{AC74BF75-81CA-4F23-878A-A7804465A6C7}P:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=p:\program files (x86)\unified remote\remoteserver.exe | "UDP Query User{D5A479AB-304F-4B22-8488-80B31339072F}P:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query 
User{D8252AF0-1AFA-4357-894C-4C0F9824466F}P:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=p:\programme\icq7.4\icq.exe | "UDP Query User{EFF1D862-EC0E-45A0-921D-DC05627472A2}P:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.5\icq.exe | "UDP Query User{FF92CE33-8012-4EC7-B30C-27F8778E00E8}P:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit) "{45CB0703-D49C-31B2-0DBD-FDD98D7DEF7A}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager "{DE7BAEF8-C639-381A-D835-95BD517ED602}" 
= AMD Media Foundation Decoders "{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0E04AD66-9C5A-46DF-836B-29BD26194820}" = Unified Remote "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch "{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish "{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy "{14EC371D-145C-9AC3-B3A8-EA90C6B0325E}" = PX Profile Update "{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish "{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows 
Live Photo Gallery "{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German "{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT 
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = Catalyst Control Center "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) "{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger 
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding "{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional "{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English "{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai "{FA602928-EB59-449c-B9F7-1FBE1291B63D}" = Syndicate™ "{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "ArgusMonitor" = ArgusMonitor "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "ESN Sonar-0.70.3" = ESN Sonar "Fraps" = Fraps "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Identity Card" = Identity Card "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PS3 Media Server" = PS3 Media Server "SopCast" = SopCast 3.4.0 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 55230" = 
Saints Row: The Third "VLC media player" = VLC media player 2.0.1 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3059594977-1893981943-3680611722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.05.2013 07:43:53 | Computer Name = Dominic-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. < End of report > |
31.05.2013, 13:27 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen found, what now? Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you only recently did a full scan, a quick scan is enough (saves time); please let me know that as well). Note: Remember to update Malwarebytes Anti-Malware via the Update button beforehand! Afterwards, getting a second opinion from ESET's online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
31.05.2013, 22:27 | #13 |
| TR/Dropper.gen found, what now? Hello Cosinus, I have now tried three times to run Malwarebytes in full scan mode, but the program crashes shortly before the end and the PC restarts. The scan is on the last partition and almost finished! |
01.06.2013, 00:48 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen found, what now? Try it in Safe Mode with Networking
__________________ Please always post logfiles in CODE tags |
02.06.2013, 21:53 | #15 |
| TR/Dropper.gen found, what now? Hello, sorry it took a bit longer! Here are the logfiles. Malwarebytes logfile: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.02.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Dominic :: DOMINIC-PC [Administrator]

02.06.2013 18:05:44
mbam-log-2013-06-02 (18-05-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378139
Laufzeit: 1 Stunde(n), 31 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=88c3575aa54f5d49894e56ae6256c933
# engine=13977
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-02 08:48:22
# local_time=2013-06-02 10:48:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775166 100 96 25299 235625792 18078 0
# compatibility_mode=5893 16776573 100 94 170429 121835952 0 0
# scanned=168459
# found=3
# cleaned=0
# scan_time=7316
sh=2418E85920CA6DC829CC9C77BB9B22C5ADAE6BB4 ft=1 fh=6b49b5fbef41f671 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Dominic\Downloads\blondehexe---Meine-18-Ju00e4hrige-Stiefschwester-entjungfert---- (1).exe"
sh=2418E85920CA6DC829CC9C77BB9B22C5ADAE6BB4 ft=1 fh=6b49b5fbef41f671 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Dominic\Downloads\blondehexe---Meine-18-Ju00e4hrige-Stiefschwester-entjungfert----.exe"
sh=D47E68BDBBC03FFCB62D37D378C9A22C5B0470E1 ft=1 fh=90e4ae4d8c44f9a0 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\Dominic\Downloads\codec_pack_12918_ch.exe"
|