| |
| |||||||
Log-Analyse und Auswertung: Laptop (Win 7, 64bit) von "System Doktor 2014" infiziertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.06.2013, 10:28
| #1 |
 |  Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hallo, hab mich gestern mit dem System Doktor 2014 infiziert und komm nicht mehr ins Internet. Mein AntiVir Virenprogramm findet nichts und sitz jetzt an meinem Zweitrechner. Die logfiles hab ich auch erstellt, brauche schnellstmöglich Hilfe. Danke schonmal. OTL.txt Code:
ATTFilter OTL logfile created on: 06.06.2013 10:21:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bella\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 60,16% Memory free 7,36 Gb Paging File | 5,54 Gb Available in Paging File | 75,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685,54 Gb Total Space | 618,08 Gb Free Space | 90,16% Space Free | Partition Type: NTFS Drive E: | 7,60 Gb Total Space | 7,60 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: 1234-PC | User Name: bella | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.06 10:13:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bella\Desktop\OTL.exe PRC - [2013.06.05 23:17:44 | 000,655,872 | ---- | M] () -- C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.09 07:17:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 17:39:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 17:39:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.28 03:38:37 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011.02.28 03:38:36 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011.02.26 12:20:48 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013.06.05 23:17:44 | 000,655,872 | ---- | M] () -- C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.23 13:11:31 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 17:39:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 17:39:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.28 03:38:36 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011.02.26 12:20:48 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.06.11 14:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.05.25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 05:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2009.03.30 05:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2008.07.10 06:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 17:39:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 17:39:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.18 21:14:29 | 010,629,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.06.18 21:13:08 | 009,360,912 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.06.18 21:13:08 | 000,310,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.05.06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.04.07 04:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.01.26 08:17:04 | 000,245,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.12.07 13:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE420 IE - HKCU\..\SearchScopes\{D87D3332-E21A-4CD7-9207-3293FEA4D663}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505" FF - prefs.js..extensions.enabledAddons: FasterFox_Lite%40BigRedBrent:3.9.9Lite FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: %7B51154b97-c607-43f0-ad88-dda01a32a1e3%7D:9.1.50.18 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.18 13:26:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.23 13:11:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 13:11:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.23 13:11:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 13:11:27 | 000,000,000 | ---D | M] [2011.02.27 02:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\Extensions [2012.07.02 19:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\Firefox\Profiles\0o4p1rh3.Standard-Benutzer\extensions [2012.07.02 22:08:12 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\bella\AppData\Roaming\mozilla\Firefox\Profiles\0o4p1rh3.Standard-Benutzer\extensions\ffxtlbr@incredibar.com [2013.06.02 09:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\Firefox\Profiles\3dmn4gai.default\extensions [2012.09.25 19:40:16 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\bella\AppData\Roaming\mozilla\Firefox\Profiles\3dmn4gai.default\extensions\FasterFox_Lite@BigRedBrent [2012.07.02 22:08:12 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\bella\AppData\Roaming\mozilla\Firefox\Profiles\3dmn4gai.default\extensions\ffxtlbr@incredibar.com [2013.04.05 15:50:28 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\bella\AppData\Roaming\mozilla\Firefox\Profiles\3dmn4gai.default\extensions\ich@maltegoetz.de [2013.05.17 18:16:07 | 000,374,078 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\firefox\profiles\3dmn4gai.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2011.08.26 22:38:04 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\firefox\profiles\3dmn4gai.default\extensions\youtube2mp3@mondayx.de.xpi [2013.06.02 09:54:04 | 000,004,503 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\firefox\profiles\3dmn4gai.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.05.03 23:34:54 | 000,917,791 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\firefox\profiles\3dmn4gai.default\extensions\{51154b97-c607-43f0-ad88-dda01a32a1e3}.xpi [2013.05.08 23:18:41 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\mozilla\firefox\profiles\3dmn4gai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.07.02 19:52:31 | 000,002,203 | ---- | M] () -- C:\Users\bella\AppData\Roaming\mozilla\firefox\profiles\3dmn4gai.default\searchplugins\MyStart Search.xml [2013.05.23 13:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.23 13:11:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.05.23 13:11:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.05.23 13:11:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.05.23 13:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.23 13:11:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.10.13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [SD2014] C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{409F0E7E-1E7C-4549-912F-514116432BF0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C35D93E-4664-469A-9D83-CE6296F1DCB7}: NameServer = 212.91.97.3 212.91.97.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.06 10:21:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bella\Desktop\OTL.exe [2013.06.05 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014 [2013.06.05 23:12:43 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Roaming\ahR4dRV [2013.05.23 13:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2 C:\Users\bella\Documents\*.tmp files -> C:\Users\bella\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.06 10:25:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.06 10:25:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.06 10:22:51 | 001,830,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.06 10:22:51 | 000,774,190 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.06 10:22:51 | 000,727,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.06 10:22:51 | 000,178,582 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.06 10:22:51 | 000,150,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.06 10:20:48 | 000,000,000 | ---- | M] () -- C:\Users\bella\defogger_reenable [2013.06.06 10:18:49 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.06.06 10:18:41 | 000,001,846 | ---- | M] () -- C:\Users\bella\Desktop\System Doctor 2014.lnk [2013.06.06 10:18:41 | 000,000,112 | ---- | M] () -- C:\Users\bella\Desktop\System Doctor 2014 support.url [2013.06.06 10:18:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.06 10:17:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.06 10:17:46 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2013.06.06 10:13:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bella\Desktop\OTL.exe [2013.06.06 10:13:00 | 000,050,477 | ---- | M] () -- C:\Users\bella\Desktop\Defogger.exe [2013.06.06 08:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.25 01:33:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.25 01:33:34 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.18 13:45:30 | 000,306,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 13:23:39 | 000,000,000 | ---- | M] () -- C:\END [2 C:\Users\bella\Documents\*.tmp files -> C:\Users\bella\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.06 10:20:48 | 000,000,000 | ---- | C] () -- C:\Users\bella\defogger_reenable [2013.06.06 10:19:57 | 000,050,477 | ---- | C] () -- C:\Users\bella\Desktop\Defogger.exe [2013.06.05 23:17:54 | 000,001,846 | ---- | C] () -- C:\Users\bella\Desktop\System Doctor 2014.lnk [2013.06.05 23:17:54 | 000,000,112 | ---- | C] () -- C:\Users\bella\Desktop\System Doctor 2014 support.url [2013.05.25 01:33:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.25 01:33:34 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.18 13:23:39 | 000,000,000 | ---- | C] () -- C:\END [2013.04.22 02:50:27 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.11.29 14:16:48 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini [2012.09.20 21:19:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.09.20 21:19:29 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.09.20 21:19:28 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.09.20 21:19:26 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.09.20 19:38:09 | 000,000,532 | ---- | C] () -- C:\Users\bella\AppData\Roaming\All CPU MeterV3_Settings.ini [2011.07.07 16:37:48 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.04.15 00:16:40 | 000,007,611 | ---- | C] () -- C:\Users\bella\AppData\Local\resmon.resmoncfg [2011.03.02 20:43:53 | 000,003,584 | ---- | C] () -- C:\Users\bella\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.26 14:03:19 | 000,000,093 | ---- | C] () -- C:\Users\bella\AppData\Local\fusioncache.dat [2010.07.02 13:41:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.05 23:17:44 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\ahR4dRV [2011.11.22 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Canneverbe Limited [2012.09.19 20:30:37 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Canon [2012.12.04 16:52:11 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Dropbox [2011.04.15 00:24:42 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\eSobi [2011.07.05 23:44:20 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\GetRightToGo [2013.03.29 18:31:36 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\GlarySoft [2012.06.08 23:42:44 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Karteikartentrainer [2011.03.07 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Liteon [2012.11.09 12:19:45 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Nuance [2012.10.04 23:35:43 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\OpenOffice.org [2012.07.02 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\pdfforge [2011.03.01 01:48:45 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\PlayFirst [2012.11.09 12:44:02 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\ScanSoft [2013.05.29 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\SoftGrid Client [2012.10.27 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\stickies [2011.02.28 04:57:07 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\TP [2012.05.21 22:29:17 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Windows Live Writer [2012.12.04 21:28:11 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 06.06.2013 10:21:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bella\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 60,16% Memory free
7,36 Gb Paging File | 5,54 Gb Available in Paging File | 75,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685,54 Gb Total Space | 618,08 Gb Free Space | 90,16% Space Free | Partition Type: NTFS
Drive E: | 7,60 Gb Total Space | 7,60 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Computer Name: 1234-PC | User Name: bella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CAFC25-697D-482A-B578-D1BE4EBD4BCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{118553E3-F9B4-4F05-803B-52115CAE65F4}" = rport=445 | protocol=6 | dir=out | app=system |
"{16BC6EBD-28F6-4A4C-9295-03B63E103337}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A4BAE26-911D-4941-9E21-8DD9E68FCBE0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1ACD1C83-5036-4BEB-81DA-C99DFDCD0817}" = rport=139 | protocol=6 | dir=out | app=system |
"{25312C51-9A52-4761-8075-9BD8D81FC025}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D452A36-46BF-4541-ADF8-66260EE8A35D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E4770F-1AFE-4E8C-9551-D97F7C593946}" = lport=445 | protocol=6 | dir=in | app=system |
"{39D27B2E-D679-4C91-A407-40AA765783BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4862B380-1BB5-4CE1-9AF6-61DA17264756}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61264FE4-E5F8-4794-9862-A9BCFA8935CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{75CA3F8D-DD5F-49A1-8C44-83A93848C3E1}" = lport=139 | protocol=6 | dir=in | app=system |
"{788B3656-1505-4650-B67A-B18B2FE5CB34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C811761-70C4-426C-9312-682EDDCF9072}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D704397-98C5-4FAD-83D6-2FDD9A283F55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{937334AF-E76A-476F-8890-BE91C8711CD3}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1E456CC-6BC7-4918-8B9B-16C07300B743}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A95B043C-0C58-44B1-B64B-161BB82C0E78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA810F01-CBED-4F8F-9F0A-224413CAAF06}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD7D3C0A-24FA-4713-B7BB-82B5F23E1B08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C58E3C95-773A-464C-A1BA-C5E74C0EAC8F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DCCE61A9-4A75-40D3-AF27-66C8E7B95AD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DCD22A4A-8F4F-4375-B04C-10BC924E204A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD8E482C-C853-4462-929C-F2F3D8B765E9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DF1E06E4-1679-4E67-83D9-B86B1ECC7884}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4925965-584B-4FD3-A062-5628BBED704B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E52700C5-F41B-4911-8AED-AE94DBF356E6}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0066216E-2DD2-43CD-AAB8-AA930A6F1829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{024EB1A9-E741-4B07-91F1-397A8594588B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{025A5B04-6D3A-4149-B71E-191CDD823520}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02613F7B-6D7D-4090-8BD0-4BDAA5CB3CB6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{028BE786-1967-473E-B413-3F03C26DE6D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04FD137D-4C79-4237-9B5A-FDD1E8FAD296}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{097264D6-A879-48CF-9209-4753D18AC8ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{157D5C37-77A4-48BE-AF7D-80FB6E816A34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{217BA4A1-023A-494D-B872-D7F73AA8F6DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B788F59-7C1E-4160-99DD-6B8225366F28}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2BEDF206-A645-4286-80E9-9162BA6E324F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{2F5C3E4B-7A69-471C-B318-39FA9799235E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3435FF22-AA30-4FBC-89D2-2A042B1664BA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{3E2F8DCE-1AD7-42AD-95EA-BAD82F2B72CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{41E08958-997D-44DD-822B-182C73CB6305}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{454868E0-7884-403F-AB6C-B1FD8B453590}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{506B091F-BF12-42CC-B526-272D804A3387}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{70C7455A-E4A8-4D78-B27F-8E89F422EA0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{739EF74F-C6FB-4949-9FDE-B117255846A7}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{7810F39C-A431-4B98-86F4-78585E473CDE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8CE35580-9BF2-416C-820D-C3D9916CD9E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DE68070-BD33-415F-A740-B9741B13BD10}" = protocol=6 | dir=out | app=system |
"{8E7B6991-261B-4FF8-A392-B4537D449A00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F102156-C1F3-4C5C-A494-A55DBC4C7225}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{955199BE-5F95-4D79-90F3-F36A55F9B32B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{970F49A0-A5DC-4766-A16D-80CE4D990E0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C41BB4F-C7B5-4BAE-A0C2-E7283CAEC97C}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{A591EDC3-B69D-4288-B26D-0AA0C19F6A28}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A64419DC-6D11-47FD-A6E4-4E628BDE511F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6737B58-9871-4441-A8F7-E7DE23EADE20}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{A9E2B9DE-EBA8-4BE4-A952-0A03104F6D16}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B046AEA9-A9AF-4DAD-9038-CB6BF3783A0D}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr.exe |
"{B41B94AB-49F7-4AF6-A031-FAA2634190AF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{BB1B83C8-C962-409C-82B6-C5CA4BB8FF38}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BD372510-DB8B-4C1E-9A97-E0C1E7B0C7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C88F0284-DDFD-4F3E-9815-826D0B0793E4}" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe |
"{CB4834AB-9104-4DBE-A30E-B498C33C188C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CF6425F4-9204-4673-821E-000FB64E2664}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2574D49-63EE-478C-9457-3AE14E06A9CD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7E92FEC-C8E2-4912-A337-D75E1BDEE0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E480B816-3D56-4CBE-8655-3B3789E40315}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E7F7FC98-DC47-4936-A48C-B69AE887C695}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{EF6AE2C4-44E9-4E4B-8033-1FE8AC3ACE8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0CDE801-500E-4D1D-B94F-5767E79CE654}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{F4980CB3-4466-4B6A-B352-FDCF45B32F00}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
"{F7E1C0DC-E86E-41EA-AF71-0462DF89CBA6}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr.exe |
"{FB6FC1BF-3BC8-47E9-A375-F075D1CF91FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC43EB75-0545-4073-A6FF-08167B15065D}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
"{FD7CA43C-B01D-4D66-8E53-25B0461471B5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{FE34944E-4701-40B7-9E98-A9B94B5CF2B4}" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe |
"{FFF2621B-BE64-4C86-8C76-2AD663D2201E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4E6F0992-7E3A-4FF0-B48A-B0EE35A91A43}C:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B08B10BA-7FAA-4B14-B343-5B36F86C9884}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
"TCP Query User{CF9ADB1B-0AA6-4BB3-B5DC-68F9556AE9CE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{E1B4A852-830B-47E9-8E63-E92CBB798E8A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{21B6807B-6C2C-472E-9ED5-AA9BC2067455}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{442730A7-EB5B-4E44-A1E4-AA204B121B48}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
"UDP Query User{5D1A5382-EC72-4C7C-BF56-A737A9281E7C}C:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{AB11FE47-E037-4B02-83CA-87DBA40CE761}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{364DE718-D45E-978A-A316-AB0557649B6F}" = ATI AVIVO64 Codecs
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{57568DAE-9AC0-8631-0331-3BBD930DAC73}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B39F601A-E865-7C74-48C6-821AD1312D33}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D3A6104C-498A-CA78-3119-0B8636B16B81}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0931F257-B1BC-5ED6-BAE6-20BF9E299AAA}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E49D2F5-18C5-4097-B30B-9AC73168B5E9}" = Acer 3G Connection Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21ED4B1C-F821-DBA3-8330-6057200743D9}" = Catalyst Control Center InstallProxy
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2893C0AA-0ECB-0770-2D77-4418C9C9108D}" = CCC Help Chinese Standard
"{2A7E3DF9-740E-D342-4576-629FD7328C56}" = CCC Help Finnish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D1EDBBF-48BA-4F88-BACA-942481B574E6}" = CCC Help Italian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F98E0AB-9560-C44F-D04D-B6909E8F2426}" = CCC Help Korean
"{47305B72-9CE4-7FD9-78DD-96C049B14820}" = CCC Help German
"{49F19693-BC3F-2C2D-6103-6C09D6F3E90D}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{547EC6A9-752B-A9CE-0A41-F0243E735901}" = CCC Help Czech
"{57439F3C-1001-5AB2-A0E4-F36D43C84BEB}" = HydraVision
"{57652C9C-5E0A-CBFF-9692-088312BCBEBC}" = CCC Help Chinese Traditional
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5C88F1C1-2C2F-0EF3-28AE-DB6D51AF0891}" = CCC Help Hungarian
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADA0490-167D-4828-2AE4-CD4DE43C3049}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83E80987-F9ED-3559-1118-9CE7F6EEB846}" = CCC Help Spanish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{885EACE2-F2B6-BC1F-E4DC-D80154650B8D}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B608A7-A50A-426E-9322-2E557C9DA628}" = MATHPROF 4.0
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A17000FB-215D-9105-581C-7DF66B7A15B5}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A922EA1A-9AF0-5062-07EA-469A5C629358}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AEE629D8-0733-3EF0-A67B-2F18F60601D8}" = Catalyst Control Center Graphics Previews Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1233B58-3829-31D8-3B2E-ED2C0B3EB3DB}" = Catalyst Control Center
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2C43265-1E2A-04D1-A330-72970C308743}" = CCC Help Norwegian
"{B3ED071C-4F25-68C1-09F4-5C8D800A3086}" = CCC Help French
"{B935A770-8B9D-EA52-B814-01B95BC834D5}" = CCC Help Portuguese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79531DC-85D7-997F-4083-CE65505F1B7E}" = Catalyst Control Center Profiles Mobile
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5405C62-539F-3774-10D3-FAC8F4CA1B4C}" = PX Profile Update
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{ECA6E166-4BC5-60DA-DEC4-CDF15DA1B232}" = CCC Help Turkish
"{EE080DBB-603F-6B44-4EAF-2D69CAC68805}" = CCC Help Thai
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5B6FA52-F6AB-C823-C9E6-89843CBFE80D}" = CCC Help Danish
"{F5CEEF6D-92E2-2263-4F23-EA9555146B6E}" = CCC Help Greek
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC408A79-5107-2BF7-A48A-A81DFD75E04A}" = CCC Help Swedish
"AC3Filter_is1" = AC3Filter 1.63b
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Glary Utilities_is1" = Glary Utilities 2.54.0.1759
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2013 13:13:58 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 27.05.2013 16:28:03 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 29.05.2013 05:23:57 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 29.05.2013 23:16:52 | Computer Name = 1234-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_p2pimsvc, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ESENT.dll, Version: 6.1.7601.17577,
Zeitstempel: 0x4d79bfba Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001142c
ID
des fehlerhaften Prozesses: 0x114c Startzeit der fehlerhaften Anwendung: 0x01ce5c8d4a12d20f
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\ESENT.dll Berichtskennung: 5f5100a2-c8d7-11e2-8f7b-001e101f79c9
Error - 31.05.2013 06:24:00 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.06.2013 07:06:32 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 04.06.2013 03:38:57 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 05.06.2013 19:05:29 | Computer Name = 1234-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 06.06.2013 03:30:28 | Computer Name = 1234-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cvpnd.exe, Version: 0.0.0.0, Zeitstempel:
0x4ba91337 Name des fehlerhaften Moduls: cvpnd.exe, Version: 0.0.0.0, Zeitstempel:
0x4ba91337 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000484b3 ID des fehlerhaften Prozesses:
0x7a4 Startzeit der fehlerhaften Anwendung: 0x01ce6287a8097df7 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe Berichtskennung:
f539417c-ce7a-11e2-897f-001e101f8ed0
Error - 06.06.2013 03:32:42 | Computer Name = 1234-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cvpnd.exe, Version: 0.0.0.0, Zeitstempel:
0x4ba91337 Name des fehlerhaften Moduls: cvpnd.exe, Version: 0.0.0.0, Zeitstempel:
0x4ba91337 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000484b3 ID des fehlerhaften Prozesses:
0x7a4 Startzeit der fehlerhaften Anwendung: 0x01ce6287fc85ba43 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe Berichtskennung:
45ad546c-ce7b-11e2-a11c-001e101f4da1
[ System Events ]
Error - 04.06.2013 08:00:30 | Computer Name = 1234-PC | Source = DCOM | ID = 10010
Description =
Error - 04.06.2013 16:33:21 | Computer Name = 1234-PC | Source = DCOM | ID = 10016
Description =
Error - 04.06.2013 17:35:35 | Computer Name = 1234-PC | Source = DCOM | ID = 10010
Description =
Error - 05.06.2013 05:37:47 | Computer Name = 1234-PC | Source = DCOM | ID = 10016
Description =
Error - 05.06.2013 05:37:52 | Computer Name = 1234-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 06.06.2013 03:28:53 | Computer Name = 1234-PC | Source = DCOM | ID = 10010
Description =
Error - 06.06.2013 03:30:27 | Computer Name = 1234-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WinHttpAutoProxySvc" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 06.06.2013 03:30:27 | Computer Name = 1234-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1069
Error - 06.06.2013 03:32:45 | Computer Name = 1234-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Cisco Systems, Inc. VPN Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 06.06.2013 04:19:12 | Computer Name = 1234-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-06 11:19:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\bella\AppData\Local\Temp\kwldqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033b4000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800033b402f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e51465 2 bytes [E5, 74]
.text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e514bb 2 bytes [E5, 74]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e51465 2 bytes [E5, 74]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e514bb 2 bytes [E5, 74]
.text ... * 2
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e51465 2 bytes [E5, 74]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e514bb 2 bytes [E5, 74]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000730d1a22 2 bytes [0D, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000730d1ad0 2 bytes [0D, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000730d1b08 2 bytes [0D, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000730d1bba 2 bytes [0D, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2280] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000730d1bda 2 bytes [0D, 73]
? C:\Windows\system32\mssprxy.dll [2848] entry point in ".rdata" section 00000000704271e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e51465 2 bytes [E5, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e514bb 2 bytes [E5, 74]
.text ... * 2
.text C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e51465 2 bytes [E5, 74]
.text C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e514bb 2 bytes [E5, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e51465 2 bytes [E5, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e514bb 2 bytes [E5, 74]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [1612:2576] 000007fee8bb9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38ddb524
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38ddb524@0017caf31562 0xD2 0x0D 0xF9 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38ddb524 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38ddb524@0017caf31562 0xD2 0x0D 0xF9 0x74 ...
---- EOF - GMER 2.1 ----
|
|
06.06.2013, 10:30
| #2 |
| /// Malware-holic   | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [SD2014] C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe ()
[2013.06.05 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014
[2013.06.05 23:12:43 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Roaming\ahR4dRV
[2013.06.06 10:18:41 | 000,001,846 | ---- | M] () -- C:\Users\bella\Desktop\System Doctor 2014.lnk
[2013.06.06 10:18:41 | 000,000,112 | ---- | M] () -- C:\Users\bella\Desktop\System Doctor 2014 support.url
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
06.06.2013, 11:05
| #3 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hej,
__________________Upload hat geklappt und hier die log-Datei Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SD2014 not found.
File C:\Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe not found.
Folder C:\Users\bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014\ not found.
Folder C:\Users\bella\AppData\Roaming\ahR4dRV\ not found.
File C:\Users\bella\Desktop\System Doctor 2014.lnk not found.
File C:\Users\bella\Desktop\System Doctor 2014 support.url not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: bella
->Temp folder emptied: 778 bytes
->Temporary Internet Files folder emptied: 258 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 376250028 bytes
->Flash cache emptied: 3055 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 1240214 bytes
->Temporary Internet Files folder emptied: 2481002 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14445109 bytes
->Flash cache emptied: 506 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87918143 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304114 bytes
RecycleBin emptied: 191998 bytes
Total Files Cleaned = 501,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06062013_115430
Files\Folders moved on Reboot...
C:\Users\bella\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\bella\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000001A8D737A8B2456A2D not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
06.06.2013, 11:10
| #4 |
| /// Malware-holic | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert danke. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.06.2013, 11:22
| #5 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hej, hier die Datei Code:
ATTFilter 12:15:36.0087 3136 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:15:36.0098 3136 ============================================================
12:15:36.0098 3136 Current date / time: 2013/06/06 12:15:36.0098
12:15:36.0098 3136 SystemInfo:
12:15:36.0098 3136
12:15:36.0098 3136 OS Version: 6.1.7601 ServicePack: 1.0
12:15:36.0098 3136 Product type: Workstation
12:15:36.0098 3136 ComputerName: 1234-PC
12:15:36.0098 3136 UserName: bella
12:15:36.0098 3136 Windows directory: C:\Windows
12:15:36.0098 3136 System windows directory: C:\Windows
12:15:36.0098 3136 Running under WOW64
12:15:36.0099 3136 Processor architecture: Intel x64
12:15:36.0099 3136 Number of processors: 4
12:15:36.0099 3136 Page size: 0x1000
12:15:36.0099 3136 Boot type: Normal boot
12:15:36.0099 3136 ============================================================
12:15:36.0745 3136 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:15:36.0753 3136 Drive \Device\Harddisk1\DR2 - Size: 0x1E7900000 (7.62 Gb), SectorSize: 0x200, Cylinders: 0x3E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:15:36.0756 3136 ============================================================
12:15:36.0756 3136 \Device\Harddisk0\DR0:
12:15:36.0756 3136 MBR partitions:
12:15:36.0756 3136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
12:15:36.0756 3136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000
12:15:36.0756 3136 \Device\Harddisk1\DR2:
12:15:36.0757 3136 MBR partitions:
12:15:36.0757 3136 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0xF3C7E0
12:15:36.0757 3136 ============================================================
12:15:36.0796 3136 C: <-> \Device\Harddisk0\DR0\Partition2
12:15:36.0796 3136 ============================================================
12:15:36.0796 3136 Initialize success
12:15:36.0796 3136 ============================================================
12:16:17.0410 5440 ============================================================
12:16:17.0410 5440 Scan started
12:16:17.0410 5440 Mode: Manual; SigCheck; TDLFS;
12:16:17.0410 5440 ============================================================
12:16:17.0556 5440 ================ Scan system memory ========================
12:16:17.0556 5440 System memory - ok
12:16:17.0557 5440 ================ Scan services =============================
12:16:17.0732 5440 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:16:17.0843 5440 1394ohci - ok
12:16:17.0913 5440 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:16:17.0945 5440 ACPI - ok
12:16:17.0979 5440 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:16:18.0046 5440 AcpiPmi - ok
12:16:18.0173 5440 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:16:18.0194 5440 AdobeARMservice - ok
12:16:18.0233 5440 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:16:18.0273 5440 adp94xx - ok
12:16:18.0289 5440 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:16:18.0312 5440 adpahci - ok
12:16:18.0328 5440 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:16:18.0347 5440 adpu320 - ok
12:16:18.0375 5440 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:16:18.0558 5440 AeLookupSvc - ok
12:16:18.0614 5440 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:16:18.0690 5440 AFD - ok
12:16:18.0720 5440 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:16:18.0749 5440 agp440 - ok
12:16:18.0766 5440 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:16:18.0813 5440 ALG - ok
12:16:18.0833 5440 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:16:18.0849 5440 aliide - ok
12:16:18.0893 5440 [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:16:18.0935 5440 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - warning
12:16:18.0935 5440 AMD External Events Utility - detected UnsignedFile.Multi.Generic (1)
12:16:18.0952 5440 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:16:18.0969 5440 amdide - ok
12:16:18.0998 5440 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:16:19.0056 5440 AmdK8 - ok
12:16:19.0228 5440 [ 450DD59F69539A052BD09E55F6E91747 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:16:19.0410 5440 amdkmdag ( UnsignedFile.Multi.Generic ) - warning
12:16:19.0410 5440 amdkmdag - detected UnsignedFile.Multi.Generic (1)
12:16:19.0460 5440 [ 5B3E5C20C22B3C3791CF2B7CD47DF20F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:16:19.0497 5440 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
12:16:19.0497 5440 amdkmdap - detected UnsignedFile.Multi.Generic (1)
12:16:19.0513 5440 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:16:19.0555 5440 AmdPPM - ok
12:16:19.0587 5440 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:16:19.0606 5440 amdsata - ok
12:16:19.0650 5440 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:16:19.0685 5440 amdsbs - ok
12:16:19.0695 5440 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:16:19.0709 5440 amdxata - ok
12:16:19.0735 5440 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
12:16:19.0764 5440 AmUStor - ok
12:16:19.0852 5440 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:16:19.0872 5440 AntiVirSchedulerService - ok
12:16:19.0895 5440 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:16:19.0913 5440 AntiVirService - ok
12:16:19.0961 5440 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:16:20.0054 5440 AppID - ok
12:16:20.0077 5440 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:16:20.0229 5440 AppIDSvc - ok
12:16:20.0271 5440 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
12:16:20.0311 5440 Appinfo - ok
12:16:20.0323 5440 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:16:20.0350 5440 arc - ok
12:16:20.0361 5440 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:16:20.0382 5440 arcsas - ok
12:16:20.0519 5440 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:16:20.0545 5440 aspnet_state - ok
12:16:20.0568 5440 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:16:20.0631 5440 AsyncMac - ok
12:16:20.0666 5440 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:16:20.0679 5440 atapi - ok
12:16:20.0756 5440 [ 70260C7C98CC0101316F5B2650C3BB44 ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:16:20.0881 5440 athr - ok
12:16:20.0928 5440 [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:16:21.0217 5440 AtiHDAudioService - ok
12:16:21.0250 5440 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:16:21.0532 5440 AtiHdmiService - ok
12:16:21.0600 5440 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:16:21.0710 5440 AudioEndpointBuilder - ok
12:16:21.0732 5440 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:16:21.0771 5440 AudioSrv - ok
12:16:21.0822 5440 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:16:22.0118 5440 avgntflt - ok
12:16:22.0172 5440 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:16:22.0474 5440 avipbb - ok
12:16:22.0516 5440 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:16:22.0807 5440 avkmgr - ok
12:16:22.0859 5440 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:16:22.0922 5440 AxInstSV - ok
12:16:22.0963 5440 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:16:23.0011 5440 b06bdrv - ok
12:16:23.0039 5440 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:16:23.0087 5440 b57nd60a - ok
12:16:23.0164 5440 [ FDE8C8DC07E75347E4C6B455A0964217 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
12:16:23.0497 5440 BCM43XX - ok
12:16:23.0549 5440 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:16:23.0595 5440 BDESVC - ok
12:16:23.0614 5440 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:16:23.0664 5440 Beep - ok
12:16:23.0720 5440 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:16:23.0780 5440 BFE - ok
12:16:23.0817 5440 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:16:23.0883 5440 BITS - ok
12:16:23.0904 5440 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:16:23.0941 5440 blbdrive - ok
12:16:23.0988 5440 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:16:24.0022 5440 bowser - ok
12:16:24.0041 5440 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:16:24.0100 5440 BrFiltLo - ok
12:16:24.0112 5440 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:16:24.0157 5440 BrFiltUp - ok
12:16:24.0192 5440 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:16:24.0244 5440 Browser - ok
12:16:24.0280 5440 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:16:24.0316 5440 Brserid - ok
12:16:24.0330 5440 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:16:24.0372 5440 BrSerWdm - ok
12:16:24.0389 5440 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:16:24.0442 5440 BrUsbMdm - ok
12:16:24.0460 5440 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:16:24.0489 5440 BrUsbSer - ok
12:16:24.0537 5440 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:16:24.0617 5440 BthEnum - ok
12:16:24.0639 5440 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:16:24.0683 5440 BTHMODEM - ok
12:16:24.0712 5440 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:16:24.0737 5440 BthPan - ok
12:16:24.0779 5440 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:16:24.0818 5440 BTHPORT - ok
12:16:24.0859 5440 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:16:24.0910 5440 bthserv - ok
12:16:24.0930 5440 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:16:24.0975 5440 BTHUSB - ok
12:16:25.0002 5440 [ 380B798D30C56EDE4AF58619D0E86CCB ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
12:16:25.0295 5440 btwampfl - ok
12:16:25.0335 5440 [ BA5622F5544C6C445DFF1A05ACC8B19D ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
12:16:25.0618 5440 btwaudio - ok
12:16:25.0685 5440 [ A11905D0F4BD34771F195217B6AA5AE0 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
12:16:25.0980 5440 btwavdt - ok
12:16:26.0085 5440 [ 3930E53EE0BED9DFF9AFA09F505D0CAE ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:16:26.0131 5440 btwdins - ok
12:16:26.0142 5440 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
12:16:26.0427 5440 btwl2cap - ok
12:16:26.0471 5440 [ BD776F32D64EC615BE4563DC2747224E ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
12:16:26.0759 5440 btwrchid - ok
12:16:26.0815 5440 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:16:26.0895 5440 cdfs - ok
12:16:26.0960 5440 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:16:26.0998 5440 cdrom - ok
12:16:27.0036 5440 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:16:27.0106 5440 CertPropSvc - ok
12:16:27.0122 5440 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:16:27.0147 5440 circlass - ok
12:16:27.0179 5440 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:16:27.0210 5440 CLFS - ok
12:16:27.0263 5440 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:27.0292 5440 clr_optimization_v2.0.50727_32 - ok
12:16:27.0327 5440 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:16:27.0353 5440 clr_optimization_v2.0.50727_64 - ok
12:16:27.0423 5440 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:16:27.0443 5440 clr_optimization_v4.0.30319_32 - ok
12:16:27.0462 5440 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:16:27.0471 5440 clr_optimization_v4.0.30319_64 - ok
12:16:27.0491 5440 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:16:27.0505 5440 CmBatt - ok
12:16:27.0525 5440 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:16:27.0539 5440 cmdide - ok
12:16:27.0579 5440 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:16:27.0640 5440 CNG - ok
12:16:27.0654 5440 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:16:27.0667 5440 Compbatt - ok
12:16:27.0703 5440 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:16:27.0734 5440 CompositeBus - ok
12:16:27.0737 5440 COMSysApp - ok
12:16:27.0759 5440 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:16:27.0774 5440 crcdisk - ok
12:16:27.0836 5440 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:16:27.0865 5440 CryptSvc - ok
12:16:27.0966 5440 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:16:28.0002 5440 cvhsvc - ok
12:16:28.0039 5440 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
12:16:28.0315 5440 CVirtA - ok
12:16:28.0418 5440 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:16:28.0480 5440 CVPND - ok
12:16:28.0514 5440 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
12:16:28.0806 5440 CVPNDRVA - ok
12:16:28.0873 5440 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:16:28.0938 5440 DcomLaunch - ok
12:16:28.0964 5440 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:16:29.0024 5440 defragsvc - ok
12:16:29.0060 5440 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:16:29.0114 5440 DfsC - ok
12:16:29.0170 5440 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:16:29.0224 5440 Dhcp - ok
12:16:29.0253 5440 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:16:29.0311 5440 discache - ok
12:16:29.0335 5440 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:16:29.0351 5440 Disk - ok
12:16:29.0387 5440 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
12:16:29.0396 5440 DNE - ok
12:16:29.0438 5440 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:16:29.0476 5440 Dnscache - ok
12:16:29.0511 5440 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:16:29.0571 5440 dot3svc - ok
12:16:29.0656 5440 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
12:16:29.0692 5440 dot4 - ok
12:16:29.0752 5440 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
12:16:29.0790 5440 Dot4Print - ok
12:16:29.0808 5440 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
12:16:29.0841 5440 Dot4Scan - ok
12:16:29.0877 5440 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
12:16:29.0909 5440 dot4usb - ok
12:16:29.0946 5440 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:16:30.0002 5440 DPS - ok
12:16:30.0038 5440 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:16:30.0095 5440 drmkaud - ok
12:16:30.0152 5440 [ 55F6F3E0DF82E0113082852347BF2C16 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:16:30.0445 5440 DsiWMIService - ok
12:16:30.0516 5440 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:16:30.0576 5440 DXGKrnl - ok
12:16:30.0602 5440 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:16:30.0652 5440 EapHost - ok
12:16:30.0725 5440 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:16:30.0886 5440 ebdrv - ok
12:16:30.0924 5440 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:16:30.0963 5440 EFS - ok
12:16:31.0021 5440 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:16:31.0087 5440 ehRecvr - ok
12:16:31.0116 5440 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:16:31.0173 5440 ehSched - ok
12:16:31.0210 5440 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:16:31.0258 5440 elxstor - ok
12:16:31.0328 5440 [ EB78FBD1C3DB8223EEB364D485627EF1 ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
12:16:31.0633 5440 ePowerSvc - ok
12:16:31.0682 5440 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:16:31.0721 5440 ErrDev - ok
12:16:31.0760 5440 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:16:31.0836 5440 EventSystem - ok
12:16:31.0876 5440 [ 613B2836EF86490C2764345BB1378F18 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
12:16:31.0913 5440 ewusbnet - ok
12:16:31.0926 5440 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:16:31.0989 5440 exfat - ok
12:16:32.0003 5440 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:16:32.0055 5440 fastfat - ok
12:16:32.0115 5440 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:16:32.0179 5440 Fax - ok
12:16:32.0202 5440 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:16:32.0238 5440 fdc - ok
12:16:32.0262 5440 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:16:32.0324 5440 fdPHost - ok
12:16:32.0334 5440 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:16:32.0370 5440 FDResPub - ok
12:16:32.0381 5440 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:16:32.0397 5440 FileInfo - ok
12:16:32.0408 5440 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:16:32.0458 5440 Filetrace - ok
12:16:32.0469 5440 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:16:32.0483 5440 flpydisk - ok
12:16:32.0521 5440 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:16:32.0568 5440 FltMgr - ok
12:16:32.0634 5440 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
12:16:32.0710 5440 FontCache - ok
12:16:32.0761 5440 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:16:32.0777 5440 FontCache3.0.0.0 - ok
12:16:32.0798 5440 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:16:32.0818 5440 FsDepends - ok
12:16:32.0849 5440 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:16:32.0874 5440 Fs_Rec - ok
12:16:32.0930 5440 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:16:32.0975 5440 fvevol - ok
12:16:32.0993 5440 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:16:33.0010 5440 gagp30kx - ok
12:16:33.0047 5440 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:16:33.0105 5440 gpsvc - ok
12:16:33.0160 5440 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
12:16:33.0460 5440 GREGService - ok
12:16:33.0560 5440 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:16:33.0578 5440 gupdate - ok
12:16:33.0604 5440 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:16:33.0620 5440 gupdatem - ok
12:16:33.0641 5440 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:16:33.0669 5440 hcw85cir - ok
12:16:33.0710 5440 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:16:33.0759 5440 HdAudAddService - ok
12:16:33.0791 5440 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:16:33.0820 5440 HDAudBus - ok
12:16:33.0850 5440 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:16:34.0141 5440 HECIx64 - ok
12:16:34.0185 5440 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:16:34.0226 5440 HidBatt - ok
12:16:34.0240 5440 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:16:34.0287 5440 HidBth - ok
12:16:34.0313 5440 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:16:34.0339 5440 HidIr - ok
12:16:34.0366 5440 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:16:34.0425 5440 hidserv - ok
12:16:34.0468 5440 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:16:34.0493 5440 HidUsb - ok
12:16:34.0532 5440 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:16:34.0603 5440 hkmsvc - ok
12:16:34.0640 5440 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:16:34.0687 5440 HomeGroupListener - ok
12:16:34.0720 5440 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:16:34.0763 5440 HomeGroupProvider - ok
12:16:34.0811 5440 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:16:34.0841 5440 HpSAMD - ok
12:16:34.0887 5440 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:16:34.0977 5440 HTTP - ok
12:16:35.0028 5440 [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:16:35.0066 5440 hwdatacard - ok
12:16:35.0099 5440 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:16:35.0119 5440 hwpolicy - ok
12:16:35.0181 5440 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:16:35.0212 5440 i8042prt - ok
12:16:35.0243 5440 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:16:35.0533 5440 iaStor - ok
12:16:35.0620 5440 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:16:35.0911 5440 IAStorDataMgrSvc - ok
12:16:35.0952 5440 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:16:36.0000 5440 iaStorV - ok
12:16:36.0046 5440 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:16:36.0119 5440 idsvc - ok
12:16:36.0137 5440 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:16:36.0152 5440 iirsp - ok
12:16:36.0174 5440 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:16:36.0252 5440 IKEEXT - ok
12:16:36.0278 5440 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
12:16:36.0324 5440 Impcd - ok
12:16:36.0418 5440 [ 06B774E74F7E2B8AE903A70C45A03D61 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:16:36.0742 5440 IntcAzAudAddService - ok
12:16:36.0794 5440 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:16:36.0819 5440 intelide - ok
12:16:37.0030 5440 [ 61972D4E8C1B97981108293CEAC867A8 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
12:16:37.0301 5440 intelkmd ( UnsignedFile.Multi.Generic ) - warning
12:16:37.0302 5440 intelkmd - detected UnsignedFile.Multi.Generic (1)
12:16:37.0335 5440 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:16:37.0354 5440 intelppm - ok
12:16:37.0380 5440 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:16:37.0437 5440 IPBusEnum - ok
12:16:37.0474 5440 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:16:37.0547 5440 IpFilterDriver - ok
12:16:37.0600 5440 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:16:37.0630 5440 iphlpsvc - ok
12:16:37.0667 5440 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:16:37.0697 5440 IPMIDRV - ok
12:16:37.0711 5440 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:16:37.0772 5440 IPNAT - ok
12:16:37.0798 5440 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:16:37.0832 5440 IRENUM - ok
12:16:37.0862 5440 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:16:37.0889 5440 isapnp - ok
12:16:37.0917 5440 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:16:37.0944 5440 iScsiPrt - ok
12:16:37.0962 5440 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:16:37.0976 5440 kbdclass - ok
12:16:38.0002 5440 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:16:38.0034 5440 kbdhid - ok
12:16:38.0045 5440 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:16:38.0058 5440 KeyIso - ok
12:16:38.0092 5440 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:16:38.0112 5440 KSecDD - ok
12:16:38.0136 5440 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:16:38.0157 5440 KSecPkg - ok
12:16:38.0173 5440 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:16:38.0231 5440 ksthunk - ok
12:16:38.0265 5440 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:16:38.0324 5440 KtmRm - ok
12:16:38.0363 5440 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
12:16:38.0648 5440 L1C - ok
12:16:38.0732 5440 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:16:38.0829 5440 LanmanServer - ok
12:16:38.0864 5440 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:16:38.0911 5440 LanmanWorkstation - ok
12:16:38.0951 5440 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:16:39.0017 5440 lltdio - ok
12:16:39.0034 5440 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:16:39.0096 5440 lltdsvc - ok
12:16:39.0108 5440 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:16:39.0141 5440 lmhosts - ok
12:16:39.0190 5440 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:16:39.0221 5440 LMS ( UnsignedFile.Multi.Generic ) - warning
12:16:39.0221 5440 LMS - detected UnsignedFile.Multi.Generic (1)
12:16:39.0261 5440 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:16:39.0288 5440 LSI_FC - ok
12:16:39.0309 5440 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:16:39.0328 5440 LSI_SAS - ok
12:16:39.0337 5440 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:16:39.0355 5440 LSI_SAS2 - ok
12:16:39.0369 5440 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:16:39.0386 5440 LSI_SCSI - ok
12:16:39.0398 5440 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:16:39.0459 5440 luafv - ok
12:16:39.0505 5440 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:16:39.0524 5440 Mcx2Svc - ok
12:16:39.0536 5440 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:16:39.0552 5440 megasas - ok
12:16:39.0570 5440 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:16:39.0592 5440 MegaSR - ok
12:16:39.0627 5440 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:16:39.0687 5440 MMCSS - ok
12:16:39.0714 5440 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:16:39.0776 5440 Modem - ok
12:16:39.0796 5440 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:16:39.0820 5440 monitor - ok
12:16:39.0840 5440 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:16:39.0854 5440 mouclass - ok
12:16:39.0882 5440 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:16:39.0924 5440 mouhid - ok
12:16:39.0954 5440 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:16:39.0973 5440 mountmgr - ok
12:16:40.0035 5440 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:16:40.0066 5440 MozillaMaintenance - ok
12:16:40.0091 5440 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:16:40.0122 5440 mpio - ok
12:16:40.0128 5440 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:16:40.0173 5440 mpsdrv - ok
12:16:40.0220 5440 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:16:40.0298 5440 MpsSvc - ok
12:16:40.0332 5440 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:16:40.0370 5440 MRxDAV - ok
12:16:40.0398 5440 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:16:40.0432 5440 mrxsmb - ok
12:16:40.0469 5440 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:16:40.0504 5440 mrxsmb10 - ok
12:16:40.0524 5440 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:16:40.0554 5440 mrxsmb20 - ok
12:16:40.0597 5440 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:16:40.0623 5440 msahci - ok
12:16:40.0641 5440 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:16:40.0664 5440 msdsm - ok
12:16:40.0679 5440 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:16:40.0704 5440 MSDTC - ok
12:16:40.0726 5440 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:16:40.0801 5440 Msfs - ok
12:16:40.0825 5440 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:16:40.0867 5440 mshidkmdf - ok
12:16:40.0898 5440 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:16:40.0911 5440 msisadrv - ok
12:16:40.0937 5440 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:16:40.0991 5440 MSiSCSI - ok
12:16:40.0995 5440 msiserver - ok
12:16:41.0016 5440 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:16:41.0054 5440 MSKSSRV - ok
12:16:41.0061 5440 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:16:41.0106 5440 MSPCLOCK - ok
12:16:41.0119 5440 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:16:41.0163 5440 MSPQM - ok
12:16:41.0194 5440 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:16:41.0221 5440 MsRPC - ok
12:16:41.0240 5440 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:16:41.0250 5440 mssmbios - ok
12:16:41.0306 5440 MSSQL$SQLEXPRESS - ok
12:16:41.0408 5440 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:16:41.0438 5440 MSSQLServerADHelper100 - ok
12:16:41.0454 5440 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:16:41.0528 5440 MSTEE - ok
12:16:41.0548 5440 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:16:41.0578 5440 MTConfig - ok
12:16:41.0593 5440 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:16:41.0611 5440 Mup - ok
12:16:41.0643 5440 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:16:41.0935 5440 mwlPSDFilter - ok
12:16:41.0981 5440 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:16:42.0266 5440 mwlPSDNServ - ok
12:16:42.0309 5440 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:16:42.0607 5440 mwlPSDVDisk - ok
12:16:42.0695 5440 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
12:16:42.0727 5440 MWLService - ok
12:16:42.0764 5440 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:16:42.0815 5440 napagent - ok
12:16:42.0847 5440 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:16:42.0883 5440 NativeWifiP - ok
12:16:42.0922 5440 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:16:42.0951 5440 NDIS - ok
12:16:42.0967 5440 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:16:43.0007 5440 NdisCap - ok
12:16:43.0031 5440 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:16:43.0103 5440 NdisTapi - ok
12:16:43.0128 5440 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:16:43.0196 5440 Ndisuio - ok
12:16:43.0232 5440 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:16:43.0307 5440 NdisWan - ok
12:16:43.0340 5440 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:16:43.0377 5440 NDProxy - ok
12:16:43.0392 5440 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:16:43.0433 5440 NetBIOS - ok
12:16:43.0468 5440 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:16:43.0544 5440 NetBT - ok
12:16:43.0557 5440 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:16:43.0569 5440 Netlogon - ok
12:16:43.0608 5440 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:16:43.0665 5440 Netman - ok
12:16:43.0711 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:16:43.0743 5440 NetMsmqActivator - ok
12:16:43.0747 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:16:43.0756 5440 NetPipeActivator - ok
12:16:43.0764 5440 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:16:43.0820 5440 netprofm - ok
12:16:43.0824 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:16:43.0834 5440 NetTcpActivator - ok
12:16:43.0838 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:16:43.0847 5440 NetTcpPortSharing - ok
12:16:43.0876 5440 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:16:43.0891 5440 nfrd960 - ok
12:16:43.0910 5440 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:16:43.0945 5440 NlaSvc - ok
12:16:43.0983 5440 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:16:44.0025 5440 Npfs - ok
12:16:44.0039 5440 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:16:44.0083 5440 nsi - ok
12:16:44.0098 5440 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:16:44.0152 5440 nsiproxy - ok
12:16:44.0221 5440 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:16:44.0332 5440 Ntfs - ok
12:16:44.0381 5440 [ 6FD534EDE2905D3C3257CFDD881F9705 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
12:16:44.0401 5440 NTI IScheduleSvc - ok
12:16:44.0440 5440 [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
12:16:44.0457 5440 NTIBackupSvc - ok
12:16:44.0481 5440 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
12:16:44.0762 5440 NTIDrvr - ok
12:16:44.0818 5440 [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
12:16:44.0835 5440 NTISchedulerSvc - ok
12:16:44.0843 5440 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:16:44.0898 5440 Null - ok
12:16:44.0932 5440 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:16:44.0949 5440 nvraid - ok
12:16:44.0990 5440 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:16:45.0008 5440 nvstor - ok
12:16:45.0051 5440 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:16:45.0068 5440 nv_agp - ok
12:16:45.0140 5440 [ BA7DAC1B8A86D9402C3E04E1FCAA600D ] ODDPwrSvc C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
12:16:45.0429 5440 ODDPwrSvc - ok
12:16:45.0487 5440 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:16:45.0518 5440 ohci1394 - ok
12:16:45.0558 5440 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:16:45.0588 5440 ose - ok
12:16:45.0728 5440 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:16:45.0963 5440 osppsvc - ok
12:16:45.0992 5440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:16:46.0006 5440 p2pimsvc - ok
12:16:46.0027 5440 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:16:46.0069 5440 p2psvc - ok
12:16:46.0095 5440 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:16:46.0113 5440 Parport - ok
12:16:46.0147 5440 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:16:46.0176 5440 partmgr - ok
12:16:46.0187 5440 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:16:46.0217 5440 PcaSvc - ok
12:16:46.0260 5440 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:16:46.0284 5440 pci - ok
12:16:46.0324 5440 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:16:46.0350 5440 pciide - ok
12:16:46.0373 5440 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:16:46.0396 5440 pcmcia - ok
12:16:46.0411 5440 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:16:46.0427 5440 pcw - ok
12:16:46.0451 5440 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:16:46.0535 5440 PEAUTH - ok
12:16:46.0627 5440 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:16:46.0664 5440 PerfHost - ok
12:16:46.0725 5440 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:16:46.0827 5440 pla - ok
12:16:46.0858 5440 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:16:46.0912 5440 PlugPlay - ok
12:16:46.0932 5440 PnkBstrA - ok
12:16:46.0948 5440 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:16:46.0989 5440 PNRPAutoReg - ok
12:16:47.0015 5440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:16:47.0034 5440 PNRPsvc - ok
12:16:47.0054 5440 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:16:47.0101 5440 PolicyAgent - ok
12:16:47.0131 5440 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:16:47.0177 5440 Power - ok
12:16:47.0217 5440 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:16:47.0256 5440 PptpMiniport - ok
12:16:47.0279 5440 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:16:47.0310 5440 Processor - ok
12:16:47.0352 5440 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:16:47.0393 5440 ProfSvc - ok
12:16:47.0401 5440 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:16:47.0415 5440 ProtectedStorage - ok
12:16:47.0457 5440 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:16:47.0532 5440 Psched - ok
12:16:47.0572 5440 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:16:47.0633 5440 ql2300 - ok
12:16:47.0651 5440 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:16:47.0668 5440 ql40xx - ok
12:16:47.0703 5440 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:16:47.0757 5440 QWAVE - ok
12:16:47.0768 5440 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:16:47.0802 5440 QWAVEdrv - ok
12:16:47.0814 5440 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:16:47.0870 5440 RasAcd - ok
12:16:47.0909 5440 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:16:47.0962 5440 RasAgileVpn - ok
12:16:47.0978 5440 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:16:48.0033 5440 RasAuto - ok
12:16:48.0071 5440 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:16:48.0111 5440 Rasl2tp - ok
12:16:48.0152 5440 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:16:48.0251 5440 RasMan - ok
12:16:48.0278 5440 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:16:48.0337 5440 RasPppoe - ok
12:16:48.0353 5440 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:16:48.0393 5440 RasSstp - ok
12:16:48.0425 5440 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:16:48.0485 5440 rdbss - ok
12:16:48.0489 5440 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:16:48.0519 5440 rdpbus - ok
12:16:48.0535 5440 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:16:48.0579 5440 RDPCDD - ok
12:16:48.0648 5440 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:16:48.0724 5440 RDPENCDD - ok
12:16:48.0748 5440 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:16:48.0800 5440 RDPREFMP - ok
12:16:48.0830 5440 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:16:48.0851 5440 RDPWD - ok
12:16:48.0898 5440 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:16:48.0934 5440 rdyboost - ok
12:16:48.0964 5440 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:16:49.0029 5440 RemoteAccess - ok
12:16:49.0057 5440 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:16:49.0114 5440 RemoteRegistry - ok
12:16:49.0155 5440 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:16:49.0186 5440 RFCOMM - ok
12:16:49.0198 5440 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:16:49.0255 5440 RpcEptMapper - ok
12:16:49.0277 5440 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:16:49.0314 5440 RpcLocator - ok
12:16:49.0360 5440 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:16:49.0442 5440 RpcSs - ok
12:16:49.0501 5440 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
12:16:49.0545 5440 RsFx0103 - ok
12:16:49.0581 5440 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:16:49.0638 5440 rspndr - ok
12:16:49.0706 5440 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
12:16:49.0994 5440 RS_Service - ok
12:16:50.0034 5440 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:16:50.0044 5440 SamSs - ok
12:16:50.0067 5440 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:16:50.0084 5440 sbp2port - ok
12:16:50.0102 5440 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:16:50.0167 5440 SCardSvr - ok
12:16:50.0197 5440 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:16:50.0240 5440 scfilter - ok
12:16:50.0289 5440 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:16:50.0420 5440 Schedule - ok
12:16:50.0457 5440 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:16:50.0489 5440 SCPolicySvc - ok
12:16:50.0521 5440 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:16:50.0575 5440 SDRSVC - ok
12:16:50.0600 5440 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:16:50.0660 5440 secdrv - ok
12:16:50.0687 5440 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:16:50.0736 5440 seclogon - ok
12:16:50.0765 5440 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:16:50.0816 5440 SENS - ok
12:16:50.0842 5440 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:16:50.0866 5440 SensrSvc - ok
12:16:50.0878 5440 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:16:50.0904 5440 Serenum - ok
12:16:50.0928 5440 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:16:50.0948 5440 Serial - ok
12:16:50.0973 5440 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:16:50.0991 5440 sermouse - ok
12:16:51.0032 5440 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:16:51.0091 5440 SessionEnv - ok
12:16:51.0124 5440 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:16:51.0149 5440 sffdisk - ok
12:16:51.0158 5440 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:16:51.0182 5440 sffp_mmc - ok
12:16:51.0193 5440 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:16:51.0218 5440 sffp_sd - ok
12:16:51.0229 5440 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:16:51.0246 5440 sfloppy - ok
12:16:51.0293 5440 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
12:16:51.0324 5440 Sftfs - ok
12:16:51.0374 5440 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:16:51.0405 5440 sftlist - ok
12:16:51.0424 5440 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:16:51.0440 5440 Sftplay - ok
12:16:51.0453 5440 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:16:51.0463 5440 Sftredir - ok
12:16:51.0472 5440 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
12:16:51.0483 5440 Sftvol - ok
12:16:51.0491 5440 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:16:51.0501 5440 sftvsa - ok
12:16:51.0538 5440 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:16:51.0646 5440 SharedAccess - ok
12:16:51.0680 5440 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:16:51.0740 5440 ShellHWDetection - ok
12:16:51.0766 5440 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:16:51.0781 5440 SiSRaid2 - ok
12:16:51.0798 5440 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:16:51.0814 5440 SiSRaid4 - ok
12:16:51.0857 5440 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:16:51.0911 5440 SkypeUpdate - ok
12:16:51.0936 5440 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:16:51.0976 5440 Smb - ok
12:16:52.0026 5440 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:16:52.0062 5440 SNMPTRAP - ok
12:16:52.0065 5440 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:16:52.0082 5440 spldr - ok
12:16:52.0122 5440 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:16:52.0169 5440 Spooler - ok
12:16:52.0266 5440 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:16:52.0397 5440 sppsvc - ok
12:16:52.0412 5440 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:16:52.0451 5440 sppuinotify - ok
12:16:52.0544 5440 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
12:16:52.0597 5440 SQLAgent$SQLEXPRESS - ok
12:16:52.0648 5440 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:16:52.0689 5440 SQLBrowser - ok
12:16:52.0732 5440 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:16:52.0746 5440 SQLWriter - ok
12:16:52.0782 5440 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:16:52.0819 5440 srv - ok
12:16:52.0842 5440 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:16:52.0903 5440 srv2 - ok
12:16:52.0924 5440 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:16:52.0959 5440 srvnet - ok
12:16:52.0989 5440 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:16:53.0046 5440 SSDPSRV - ok
12:16:53.0059 5440 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:16:53.0100 5440 SstpSvc - ok
12:16:53.0126 5440 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:16:53.0148 5440 stexstor - ok
12:16:53.0184 5440 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:16:53.0220 5440 stisvc - ok
12:16:53.0250 5440 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:16:53.0274 5440 swenum - ok
12:16:53.0292 5440 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:16:53.0357 5440 swprv - ok
12:16:53.0410 5440 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:16:53.0707 5440 SynTP - ok
12:16:53.0773 5440 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:16:53.0846 5440 SysMain - ok
12:16:53.0873 5440 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:16:53.0915 5440 TabletInputService - ok
12:16:53.0953 5440 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:16:54.0044 5440 TapiSrv - ok
12:16:54.0059 5440 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:16:54.0107 5440 TBS - ok
12:16:54.0184 5440 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:16:54.0316 5440 Tcpip - ok
12:16:54.0358 5440 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:16:54.0394 5440 TCPIP6 - ok
12:16:54.0433 5440 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:16:54.0449 5440 tcpipreg - ok
12:16:54.0468 5440 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:16:54.0504 5440 TDPIPE - ok
12:16:54.0536 5440 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:16:54.0561 5440 TDTCP - ok
12:16:54.0611 5440 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:16:54.0700 5440 tdx - ok
12:16:54.0729 5440 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:16:54.0749 5440 TermDD - ok
12:16:54.0769 5440 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:16:54.0834 5440 TermService - ok
12:16:54.0847 5440 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:16:54.0885 5440 Themes - ok
12:16:54.0915 5440 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:16:54.0950 5440 THREADORDER - ok
12:16:54.0969 5440 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:16:55.0020 5440 TrkWks - ok
12:16:55.0082 5440 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:16:55.0130 5440 TrustedInstaller - ok
12:16:55.0160 5440 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:16:55.0197 5440 tssecsrv - ok
12:16:55.0247 5440 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:16:55.0289 5440 TsUsbFlt - ok
12:16:55.0322 5440 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:16:55.0395 5440 tunnel - ok
12:16:55.0430 5440 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:16:55.0445 5440 uagp35 - ok
12:16:55.0473 5440 [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
12:16:55.0751 5440 UBHelper - ok
12:16:55.0782 5440 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:16:55.0833 5440 udfs - ok
12:16:55.0845 5440 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:16:55.0872 5440 UI0Detect - ok
12:16:55.0890 5440 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:16:55.0905 5440 uliagpkx - ok
12:16:55.0950 5440 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:16:55.0979 5440 umbus - ok
12:16:56.0001 5440 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:16:56.0015 5440 UmPass - ok
12:16:56.0126 5440 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:16:56.0208 5440 UNS ( UnsignedFile.Multi.Generic ) - warning
12:16:56.0208 5440 UNS - detected UnsignedFile.Multi.Generic (1)
12:16:56.0250 5440 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:16:56.0541 5440 Updater Service - ok
12:16:56.0582 5440 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:16:56.0673 5440 upnphost - ok
12:16:56.0695 5440 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:16:56.0712 5440 usbccgp - ok
12:16:56.0744 5440 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:16:56.0783 5440 usbcir - ok
12:16:56.0820 5440 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:16:56.0846 5440 usbehci - ok
12:16:56.0863 5440 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:16:56.0890 5440 usbhub - ok
12:16:56.0904 5440 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:16:56.0932 5440 usbohci - ok
12:16:56.0960 5440 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:16:56.0983 5440 usbprint - ok
12:16:57.0040 5440 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:16:57.0075 5440 usbscan - ok
12:16:57.0097 5440 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:16:57.0112 5440 USBSTOR - ok
12:16:57.0130 5440 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:16:57.0149 5440 usbuhci - ok
12:16:57.0177 5440 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:16:57.0215 5440 usbvideo - ok
12:16:57.0232 5440 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:16:57.0286 5440 UxSms - ok
12:16:57.0311 5440 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:16:57.0325 5440 VaultSvc - ok
12:16:57.0333 5440 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:16:57.0350 5440 vdrvroot - ok
12:16:57.0397 5440 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:16:57.0477 5440 vds - ok
12:16:57.0523 5440 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:16:57.0555 5440 vga - ok
12:16:57.0571 5440 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:16:57.0634 5440 VgaSave - ok
12:16:57.0656 5440 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:16:57.0681 5440 vhdmp - ok
12:16:57.0694 5440 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:16:57.0708 5440 viaide - ok
12:16:57.0722 5440 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:16:57.0738 5440 volmgr - ok
12:16:57.0773 5440 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:16:57.0802 5440 volmgrx - ok
12:16:57.0814 5440 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:16:57.0838 5440 volsnap - ok
12:16:57.0868 5440 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:16:57.0889 5440 vsmraid - ok
12:16:57.0942 5440 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:16:58.0029 5440 VSS - ok
12:16:58.0043 5440 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:16:58.0060 5440 vwifibus - ok
12:16:58.0085 5440 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:16:58.0119 5440 vwififlt - ok
12:16:58.0143 5440 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:16:58.0173 5440 vwifimp - ok
12:16:58.0214 5440 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:16:58.0303 5440 W32Time - ok
12:16:58.0317 5440 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:16:58.0338 5440 WacomPen - ok
12:16:58.0365 5440 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:16:58.0415 5440 WANARP - ok
12:16:58.0418 5440 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:16:58.0453 5440 Wanarpv6 - ok
12:16:58.0536 5440 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:16:58.0619 5440 WatAdminSvc - ok
12:16:58.0674 5440 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:16:58.0813 5440 wbengine - ok
12:16:58.0837 5440 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:16:58.0890 5440 WbioSrvc - ok
12:16:58.0921 5440 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:16:58.0984 5440 wcncsvc - ok
12:16:59.0003 5440 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:16:59.0041 5440 WcsPlugInService - ok
12:16:59.0061 5440 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:16:59.0083 5440 Wd - ok
12:16:59.0136 5440 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:16:59.0233 5440 Wdf01000 - ok
12:16:59.0242 5440 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:16:59.0266 5440 WdiServiceHost - ok
12:16:59.0269 5440 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:16:59.0287 5440 WdiSystemHost - ok
12:16:59.0316 5440 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:16:59.0346 5440 WebClient - ok
12:16:59.0361 5440 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:16:59.0406 5440 Wecsvc - ok
12:16:59.0422 5440 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:16:59.0473 5440 wercplsupport - ok
12:16:59.0492 5440 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:16:59.0532 5440 WerSvc - ok
12:16:59.0549 5440 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:16:59.0597 5440 WfpLwf - ok
12:16:59.0612 5440 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:16:59.0627 5440 WIMMount - ok
12:16:59.0649 5440 WinDefend - ok
12:16:59.0654 5440 WinHttpAutoProxySvc - ok
12:16:59.0714 5440 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:16:59.0803 5440 Winmgmt - ok
12:16:59.0887 5440 WinRing0_1_2_0 - ok
12:16:59.0952 5440 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:17:00.0124 5440 WinRM - ok
12:17:00.0187 5440 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:17:00.0219 5440 WinUsb - ok
12:17:00.0260 5440 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:17:00.0315 5440 Wlansvc - ok
12:17:00.0448 5440 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:17:00.0516 5440 wlidsvc - ok
12:17:00.0555 5440 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:17:00.0574 5440 WmiAcpi - ok
12:17:00.0602 5440 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:17:00.0643 5440 wmiApSrv - ok
12:17:00.0678 5440 WMPNetworkSvc - ok
12:17:00.0693 5440 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:17:00.0720 5440 WPCSvc - ok
12:17:00.0752 5440 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:17:00.0788 5440 WPDBusEnum - ok
12:17:00.0822 5440 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:17:00.0878 5440 ws2ifsl - ok
12:17:00.0893 5440 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:17:00.0929 5440 wscsvc - ok
12:17:00.0980 5440 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:17:01.0012 5440 WSDPrintDevice - ok
12:17:01.0024 5440 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
12:17:01.0041 5440 WSDScan - ok
12:17:01.0044 5440 WSearch - ok
12:17:01.0125 5440 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:17:01.0220 5440 wuauserv - ok
12:17:01.0252 5440 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:17:01.0269 5440 WudfPf - ok
12:17:01.0297 5440 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:17:01.0319 5440 WUDFRd - ok
12:17:01.0350 5440 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:17:01.0393 5440 wudfsvc - ok
12:17:01.0422 5440 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
12:17:01.0456 5440 WwanSvc - ok
12:17:01.0491 5440 ================ Scan global ===============================
12:17:01.0516 5440 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:17:01.0553 5440 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:17:01.0576 5440 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:17:01.0600 5440 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:17:01.0645 5440 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:17:01.0659 5440 [Global] - ok
12:17:01.0660 5440 ================ Scan MBR ==================================
12:17:01.0676 5440 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:17:02.0185 5440 \Device\Harddisk0\DR0 - ok
12:17:02.0191 5440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
12:17:02.0363 5440 \Device\Harddisk1\DR2 - ok
12:17:02.0363 5440 ================ Scan VBR ==================================
12:17:02.0368 5440 [ D71A1946B7BA38F3D611CBAD2247EE46 ] \Device\Harddisk0\DR0\Partition1
12:17:02.0370 5440 \Device\Harddisk0\DR0\Partition1 - ok
12:17:02.0400 5440 [ 4E6541791AD515312D588F331176E411 ] \Device\Harddisk0\DR0\Partition2
12:17:02.0403 5440 \Device\Harddisk0\DR0\Partition2 - ok
12:17:02.0409 5440 [ 6401484706DCAAFEC1D3D70C83FD2698 ] \Device\Harddisk1\DR2\Partition1
12:17:02.0410 5440 \Device\Harddisk1\DR2\Partition1 - ok
12:17:02.0411 5440 ============================================================
12:17:02.0411 5440 Scan finished
12:17:02.0411 5440 ============================================================
12:17:02.0425 2936 Detected object count: 6
12:17:02.0425 2936 Actual detected object count: 6
12:17:18.0504 2936 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0504 2936 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:18.0505 2936 amdkmdag ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0505 2936 amdkmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:18.0507 2936 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0507 2936 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:18.0509 2936 intelkmd ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0509 2936 intelkmd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:18.0515 2936 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0515 2936 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:18.0516 2936 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0517 2936 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:26.0789 5232 Deinitialize success
|
|
06.06.2013, 11:34
| #6 |
| /// Malware-holic | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hi, Scan mit Combofix
__________________ --> Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert |
|
06.06.2013, 11:49
| #7 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert So hier ist die file: Code:
ATTFilter ComboFix 13-06-05.05 - bella 06.06.2013 12:41:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.2182 [GMT 2:00]
ausgeführt von:: c:\users\bella\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\bella\AppData\Local\Temp\{A3B342FB-DF83-4578-AB1C-C582BFECD48E}\fpb.tmp
c:\users\bella\Documents\~WRL0005.tmp
c:\users\bella\Documents\~WRL3035.tmp
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-06 bis 2013-06-06 ))))))))))))))))))))))))))))))
.
.
2013-06-06 10:45 . 2013-06-06 10:45 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-06-06 10:45 . 2013-06-06 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-06 09:49 . 2013-06-06 10:00 -------- d-----w- C:\_OTL
2013-06-04 06:24 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{543B6F4A-68D4-4D66-A735-291219D044B3}\mpengine.dll
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 07:57 . 2012-04-05 07:26 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-22 07:57 . 2011-05-21 21:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 06:25 . 2011-02-27 11:28 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-10 10:53 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-03-28 10:10 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 04:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 04:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 04:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 04:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 04:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 04:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 06:04 . 2013-04-10 09:39 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:39 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:39 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:39 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:39 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:39 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-05-25 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-28 1289296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bella\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"IJNetworkScannerSelectorEX"=c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
"CanonSolutionMenuEx"=c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\bella\AppData\Local\Temp\tmpC0FD.tmp;c:\users\bella\AppData\Local\Temp\tmpC0FD.tmp [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41529167
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - 41529167
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-06-16 20:09]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 09:39]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 09:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Gast\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Gast\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Gast\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Gast\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 417304]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C35D93E-4664-469A-9D83-CE6296F1DCB7}: NameServer = 212.91.97.3 212.91.97.4
FF - ProfilePath - c:\users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\3dmn4gai.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\bella\AppData\Local\Temp\tmpC0FD.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4231142365-926387790-2957516751-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-06 12:47:14
ComboFix-quarantined-files.txt 2013-06-06 10:47
.
Vor Suchlauf: 12 Verzeichnis(se), 663.984.234.496 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 663.451.906.048 Bytes frei
.
- - End Of File - - 5A1EAB5DF060720D1D6142E53F034E9A
|
|
06.06.2013, 11:50
| #8 |
| /// Malware-holic | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.06.2013, 12:03
| #9 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziertCode:
ATTFilter ComboFix 13-06-05.05 - bella 06.06.2013 12:54:03.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3767.2030 [GMT 2:00]
ausgeführt von:: c:\users\bella\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-06 bis 2013-06-06 ))))))))))))))))))))))))))))))
.
.
2013-06-06 10:57 . 2013-06-06 10:57 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-06-06 10:57 . 2013-06-06 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-06 09:49 . 2013-06-06 10:00 -------- d-----w- C:\_OTL
2013-06-04 06:24 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{543B6F4A-68D4-4D66-A735-291219D044B3}\mpengine.dll
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 07:57 . 2012-04-05 07:26 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-22 07:57 . 2011-05-21 21:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 06:25 . 2011-02-27 11:28 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-10 10:53 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-03-28 10:10 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 04:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 04:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 04:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 04:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 04:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 04:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 06:04 . 2013-04-10 09:39 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:39 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:39 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:39 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:39 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:39 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-05-25 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-28 1289296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bella\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"IJNetworkScannerSelectorEX"=c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
"CanonSolutionMenuEx"=c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\bella\AppData\Local\Temp\tmpC0FD.tmp;c:\users\bella\AppData\Local\Temp\tmpC0FD.tmp [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41529167
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - 41529167
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-06-16 20:09]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 09:39]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 09:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Gast\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-22 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-22 2040352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-06-11 496160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 417304]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6C35D93E-4664-469A-9D83-CE6296F1DCB7}: NameServer = 212.91.97.3 212.91.97.4
FF - ProfilePath - c:\users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\3dmn4gai.default\
FF - prefs.js: browser.startup.homepage - hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27360211r016l04e3z165t4701m505
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\bella\AppData\Local\Temp\tmpC0FD.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4231142365-926387790-2957516751-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-06 12:59:24
ComboFix-quarantined-files.txt 2013-06-06 10:59
ComboFix2.txt 2013-06-06 10:47
.
Vor Suchlauf: 18 Verzeichnis(se), 663.517.134.848 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 663.849.496.576 Bytes frei
.
- - End Of File - - 343958F2978E583EE07EB54CA976A0DB
|
|
06.06.2013, 12:06
| #10 |
| /// Malware-holic | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.06.2013, 13:24
| #11 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziertCode:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.06.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 bella :: 1234-PC [Administrator] 06.06.2013 13:12:44 mbam-log-2013-06-06 (13-12-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 397533 Laufzeit: 1 Stunde(n), 5 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\_OTL\MovedFiles.zip (Trojan.FakeAlert.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\06062013_114954\C_Users\bella\AppData\Roaming\ahR4dRV\ahR4dRV.exe (Trojan.FakeAlert.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. |
|
08.06.2013, 16:25
| #12 |
| /// Malware-holic | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.06.2013, 19:22
| #13 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziertCode:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 30.11.2012 4,53MB 9.20.00.0; notwendig AC3Filter 1.63b Alexander Vigovsky 24.03.2013 1.63b; notwendig Acer 3G Connection Manager Acer Incorporated 25.09.2010 2.00.3002; notwendig Acer Backup Manager NewTech Infosystems 02.07.2010 27,5MB 2.0.0.63; notwendig Acer Crystal Eye webcam Liteon 25.09.2010 2,92MB 1.0.3.5; notwendig Acer eRecovery Management Acer Incorporated 02.07.2010 4.05.3013; notwendig Acer PowerSmart Manager Acer Incorporated 25.09.2010 5.02.3004; notwendig Acer Registration Acer Incorporated 25.09.2010 1.03.3003; notwendig Acer Updater Acer Incorporated 02.07.2010 1.02.3001; notwendig Acer VCM Acer Incorporated 02.07.2010 4.05.3002; notwendig Acrobat.com Adobe Systems Incorporated 02.07.2010 1,60MB 1.6.65; notwendig Adobe AIR Adobe Systems Inc. 02.07.2010 1.5.0.7220 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 05.05.2012 6,00MB 11.2.202.235; notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 22.05.2013 6,00MB 11.7.700.202; notwendig Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 15.05.2013 122MB 10.1.7; notwendig Adobe Shockwave Player 11.6 Adobe Systems, Inc. 28.03.2012 11.6.4.634; notwendig Alcor Micro USB Card Reader Alcor Micro Corp. 02.07.2010 2,86MB 1.2.17.05001; notwendig Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 02.07.2010 1.0.0.23; notwendig ATI Catalyst Install Manager ATI Technologies, Inc. 20.09.2012 22,4MB 3.0.829.0; notwendig Avira Free Antivirus Avira 15.11.2012 109MB 12.1.9.1236; notwendig Canon Easy-PhotoPrint EX 17.09.2012; notwendig Canon Easy-WebPrint EX 17.09.2012; notwendig Canon IJ Network Scanner Selector EX 17.09.2012; notwendig Canon IJ Network Tool 17.09.2012; notwendig Canon MG5300 series Benutzerregistrierung 17.09.2012; notwendig Canon MG5300 series MP Drivers 17.09.2012 ; notwendig Canon MP Navigator EX 5.0 17.09.2012 ; notwendig Canon My Printer 17.09.2012 ; notwendig Canon Solution Menu EX 17.09.2012 ; notwendig CCleaner Piriform 24.05.2013 4.02; notwendig CDBurnerXP CDBurnerXP 22.11.2011 17,2MB 4.3.9.2809; notwendig Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 14.10.2011 10,6MB 5.0.7; notwendig DivX-Setup DivX, LLC 18.05.2013 2.6.1.41; notwendig Glary Utilities 2.54.0.1759 Glarysoft Ltd 29.03.2013 19,1MB 2.54.0.1759; notwendig Google Earth Plug-in Google 22.03.2013 80,7MB 7.0.3.8542; notwendig Identity Card Acer Incorporated 25.09.2010 1.00.3003; notwendig Intel(R) Control Center Intel Corporation 28.02.2011 1.2.1.1007; notwendig Intel(R) Management Engine Components Intel Corporation 25.09.2010 6.0.0.1179; notwendig Intel(R) Rapid Storage Technology Intel Corporation 26.09.2010 9.6.0.1014; notwendig Intel(R) Turbo Boost Technology Driver Intel Corporation 26.09.2010 01.00.01.1002; notwendig Java 7 Update 17 Oracle 06.03.2013 129MB 7.0.170; notwendig Java(TM) 6 Update 31 (64-bit) Oracle 22.03.2012 91,8MB 6.0.310; notwendig Launch Manager Acer Inc. 02.03.2011 4.0.5; notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 06.06.2013 19,2MB 1.75.0.1300; notwendig MATHPROF 4.0 ReduSoft Ltd. 10.06.2012 26,4MB 4.00.0000;unnötig Microsoft .NET Framework 1.1 Microsoft 26.02.2011 34,8MB 1.1.4322 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.03.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 11.05.2012 2,93MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 11.05.2012 51,9MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 11.05.2012 10,6MB 4.0.30319 Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 11.05.2012 83,4MB 4.0.30319 Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 13.11.2012 1,95MB 1.0.30319 Microsoft Help Viewer 1.1 Microsoft Corporation 05.10.2012 3,97MB 1.1.40219 Microsoft Office 2010 Microsoft Corporation 25.09.2010 6,31MB 14.0.4763.1000 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 28.02.2011 14.0.4763.1000 Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 28.02.2011 14.0.4763.1000 Microsoft Office Word Viewer 2003 Microsoft Corporation 16.05.2013 94,1MB 11.0.8173.0 Microsoft PowerPoint Viewer Microsoft Corporation 12.12.2012 206MB 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 14.03.2013 50,6MB 5.1.20125.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.09.2010 1,72MB 3.1.0000 Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 13.11.2012 Microsoft SQL Server 2008 Browser Microsoft Corporation 13.11.2012 8,00MB 10.1.2531.0 Microsoft SQL Server 2008 Native Client Microsoft Corporation 13.11.2012 7,07MB 10.1.2531.0 Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 05.10.2012 14,4MB 10.50.1750.9 Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 11.05.2012 3,69MB 3.5.8080.0 Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft Corporation 11.05.2012 4,81MB 3.5.8080.0 Microsoft SQL Server System CLR Types Microsoft Corporation 05.10.2012 951KB 10.50.1750.9 Microsoft SQL Server VSS Writer Microsoft Corporation 13.11.2012 3,59MB 10.1.2531.0 Microsoft Visual C# 2010 Express - DEU Microsoft Corporation 14.11.2012 10.0.30319 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 27.02.2011 260KB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.01.2012 250KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.59193 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 09.11.2012 3,00MB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 09.11.2012 252KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 28.02.2011 788KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.07.2010 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.02.2011 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 13.01.2013 13,8MB 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Corporation 05.10.2012 33,4MB 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.01.2013 12,2MB 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 05.10.2012 15,9MB 10.0.40219 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 05.10.2012 36,0MB 10.0.40219 Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU Microsoft Corporation 05.10.2012 21,6MB 10.0.40219 Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 05.10.2012 75,9MB 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 13.01.2013 10.0.40303 Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU Microsoft Corporation 13.01.2013 10.0.40303 Mozilla Firefox 21.0 (x86 de) Mozilla 23.05.2013 46,1MB 21.0; notwendig Mozilla Maintenance Service Mozilla 23.05.2013 333KB 21.0; notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 27.02.2011 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.02.2011 1,33MB 4.20.9876.0 MyWinLocker Suite Egis Technology Inc. 02.07.2010 2,20MB 3.1.212.0; notwendig NTI Backup Now 5 NewTech Infosystems 02.07.2010 467MB 5.1.2.630;unnötig NTI Media Maker 8 NewTech Infosystems 02.07.2010 773MB 8.0.12.6636; unnötig OpenOffice.org 3.4.1 Apache Software Foundation 04.10.2012 331MB 3.41.9593; notwendig Optical Drive Power Management Acer Incorporated 02.07.2010 1.01.3007; notwendig PDFCreator Frank Heindörfer, Philip Chinery 13.07.2011 1.2.1; notwendig PunkBuster Services Even Balance, Inc. 26.02.2011 0.986; unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 02.07.2010 6.0.1.6096; notwendig Skype™ 5.10 Skype Technologies S.A. 14.09.2012 19,4MB 5.10.116; notwendig Synaptics Pointing Device Driver Synaptics Incorporated 25.09.2010; notwendig 14.0.6.0 Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 13.11.2012 33,7MB 10.1.2731.0 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 11.05.2012 11,1MB 4.0.8080.0 VLC media player 2.0.1 VideoLAN 17.06.2012 2.0.1; notwendig Welcome Center Acer Incorporated 25.09.2010 1.02.3002; notwendig WIDCOMM Bluetooth Software Broadcom Corporation 25.09.2010 183MB 6.3.0.4300; notwendig Windows 7 Upgrade Advisor Microsoft Corporation 02.03.2011 9,53MB 2.0.5000.0; notwendig Windows Live Essentials Microsoft Corporation 21.05.2012 15.4.3555.0308; notwendig Windows Live Sync Microsoft Corporation 25.09.2010 2,79MB 14.0.8089.726; notwendig Windows Media Player Firefox Plugin Microsoft Corp 14.05.2011 296KB 1.0.0.8; notwendig |
|
08.06.2013, 19:29
| #14 |
| /// Malware-holic | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Glary Utilities : finger weg da bitte von der Registry, da reinigt man nichts, das bringt nihcts und kann später mal, wenn ein falscher Eintrag gelöscht wurde, schaden. Java : beide downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: MATHPROF NTI : beide Öffne ccleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.06.2013, 22:02
| #15 |
| | Laptop (Win 7, 64bit) von "System Doktor 2014" infiziertCode:
ATTFilter # AdwCleaner v2.303 - Datei am 08/06/2013 um 22:54:47 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : bella - 1234-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bella\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\3dmn4gai.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\3dmn4gai.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\bella\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\0o4p1rh3.Standard-Benutzer\extensions\ffxtlbr@incredibar.com
Ordner Gelöscht : C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\3dmn4gai.default\jetpack
Ordner Gelöscht : C:\Users\bella\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\0o4p1rh3.Standard-Benutzer\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\3dmn4gai.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e8msacpj.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1930 octets] - [08/06/2013 22:54:47]
########## EOF - C:\AdwCleaner[S1].txt - [1990 octets] ##########
|
|
| Themen zu Laptop (Win 7, 64bit) von "System Doktor 2014" infiziert |
| 7-zip, antivir, autorun, bella, bho, cloud, error, firefox, flash player, iexplore.exe, igdpmd64.sys, install.exe, launch, microsoft office starter 2010, phishing, plug-in, pmmupdate.exe, problem, programm, realtek, registry, richtlinie, rundll, s3.amazonaws.com, scan, security, server, software, svchost.exe, system, system doktor 2014, visual studio, windows |
Textbox. 
WARNUNG an die MITLESER: 
Linear-Darstellung
