Log analysis and evaluation: High CPU load, what could be the cause (here)? A trojan? (Windows 7)
High CPU load, what could be the cause (here)? A trojan?

For some time now I have been struggling with high CPU load on my netbook. The fan runs constantly, the machine often reacts sluggishly and sometimes hangs (because of overheating). I suspect that some program or even a trojan is running amok here. I would be glad if one of you could help me analyze the problem. Below are the usual log files:

OTL.txt
Code:
ATTFilter OTL logfile created on: 13.06.2013 20:28:09 - Run 1 OTL by OldTimer - Version Folder = C:\Users\eg\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free 3,98 Gb Paging File | 2,88 Gb Available in Paging File | 72,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 26,09 Gb Free Space | 26,09% Space Free | Partition Type: NTFS Drive D: | 122,51 Gb Total Space | 17,78 Gb Free Space | 14,51% Space Free | Partition Type: NTFS Computer Name: GONZO | User Name: eg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.13 19:58:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\eg\Downloads\OTL.exe PRC - [2013.05.16 15:00:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013.05.16 14:59:48 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.05.16 14:59:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2013.05.16 14:59:38 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe PRC - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe PRC - [2011.03.03 20:40:30 | 000,619,288 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe PRC - [2010.09.02 20:15:49 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.08.10 00:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2010.06.12 06:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe PRC - [2010.06.10 09:57:18 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010.06.09 23:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe PRC - [2010.05.21 14:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 19:36:37 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 19:31:17 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.10 20:56:08 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\eg\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.15 23:37:43 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll MOD - [2013.01.26 20:18:14 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.20 21:16:33 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.20 
21:15:55 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.20 21:13:49 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.20 21:13:13 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.20 21:12:24 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\eg\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2010.09.30 15:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe MOD - [2010.05.21 14:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ========== Services (SafeList) ========== SRV - [2013.06.12 19:15:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.25 11:52:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.16 15:00:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.05.16 14:59:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2010.09.30 15:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys -- (SANDRA) DRV - [2013.05.16 15:01:08 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.05.16 15:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.05.16 15:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.05.16 15:01:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.07.04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis) DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.07.03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem) DRV - [2012.07.03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag) DRV - [2012.04.25 09:03:28 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2011.08.03 13:50:00 | 000,023,144 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2011.05.18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.02.10 18:54:46 | 000,684,664 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.05.10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 20:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 20:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes,DefaultScope = 
{040A2185-BD8C-4711-BC4B-45E44F4A4963} IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{040A2185-BD8C-4711-BC4B-45E44F4A4963}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{3334E1F6-0B59-4D23-AAB7-2C1082B77840}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9 FF - prefs.js..extensions.enabledAddons: treestyletab%40piro.sakura.ne.jp:0.14.2013052901 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: syncplaces@andyhalford.com:4.1.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - 
HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.29 13:51:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 11:52:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.25 11:51:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:44:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 11:52:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.25 11:51:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:44:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.21 21:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Extensions [2011.02.21 21:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.06.06 07:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\Firefox\Profiles\13xvkj54.default\extensions [2012.10.16 20:18:13 | 000,000,000 | ---D | M] (German 
Dictionary) -- C:\Users\eg\AppData\Roaming\mozilla\Firefox\Profiles\13xvkj54.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.05.25 10:47:57 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\firebug@software.joehewitt.com.xpi [2013.06.06 07:47:12 | 001,236,277 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\treestyletab@piro.sakura.ne.jp.xpi [2013.05.13 07:43:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.06 07:47:12 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.05.25 11:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.05.25 11:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.05.25 11:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013.05.25 11:52:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll CHR - plugin: Google Earth Plugin 
(Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: AdBlock = C:\Users\eg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found O4 - HKLM..\Run: [CompeGPSDev] File not found O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) 
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O4 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5500A6FB-91F4-40E5-84B8-FAB7BFDE3D5C}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89B42C82-1942-4E9A-B100-655B02177761}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9138DA-0A54-4A44-BFF9-DEE87921520A}: DhcpNameServer = O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b93ae107-bd6e-11e2-9ac1-20cf307c54be}\Shell - "" = AutoRun O33 - MountPoints2\{b93ae107-bd6e-11e2-9ac1-20cf307c54be}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2030.01.01 15:18:28 | 000,000,000 | -HSD | C] -- C:\Boot [2013.06.03 20:13:45 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Local\.elfohilfe [2013.05.25 11:51:45 | 000,000,000 | ---D | C] -- C:\Program 
Files\Mozilla Firefox [2013.05.16 21:13:22 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.16 15:12:49 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Avira [2013.05.16 15:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.16 15:06:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.16 15:06:13 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.16 15:06:13 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.16 15:06:13 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.16 15:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.16 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.16 14:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.05.15 17:29:56 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Local\LG Electronics [2013.05.15 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\eg\Documents\LG OSP [2013.05.15 17:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG On-Screen Phone [2013.05.15 17:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics [2013.05.15 15:03:15 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Mp3tag [2013.05.15 15:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2013.05.15 15:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag [2013.05.15 10:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2013.05.15 10:54:59 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2013.05.15 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect 
[2013.05.15 10:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2013.05.15 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Winamp [2013.05.15 10:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2013.05.15 10:25:16 | 000,000,000 | ---D | C] -- C:\Users\eg\.local [2013.05.15 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\eg\AppData\Roaming\Amarok [2013.05.15 10:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Amarok [2013.05.15 08:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java ========== Files - Modified Within 30 Days ========== [2013.06.13 20:14:28 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.13 19:53:12 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.13 19:00:06 | 000,010,016 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 19:00:06 | 000,010,016 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.13 18:52:40 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.13 18:44:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.13 07:09:14 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.06.13 07:09:14 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.06.13 07:09:13 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.06.13 07:09:13 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.06.13 06:50:04 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys [2013.06.10 07:21:05 | 000,021,796 | ---- | M] () -- C:\Users\eg\Desktop\feierabendrunde.GPX [2013.06.06 20:20:10 | 132,599,746 | ---- | M] () -- C:\windows\MEMORY.DMP [2013.06.06 18:54:47 | 000,007,598 | ---- | M] () -- C:\Users\eg\AppData\Local\Resmon.ResmonCfg [2013.06.06 
18:00:42 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.26 12:23:05 | 000,000,297 | ---- | M] () -- C:\Users\eg\AppData\Roaming\rftg [2013.05.16 21:12:49 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys [2013.05.16 19:24:09 | 000,423,664 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.05.16 15:01:08 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013.05.16 15:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013.05.16 15:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013.05.16 15:01:06 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013.05.16 14:56:57 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif [2013.05.15 16:54:40 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.15 14:24:22 | 000,014,347 | ---- | M] () -- C:\Users\eg\AppData\Local\recently-used.xbel ========== Files Created - No Company Name ========== [2030.01.01 15:18:28 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2019.10.03 20:11:49 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2.lnk [2013.06.10 07:21:05 | 000,021,796 | ---- | C] () -- C:\Users\eg\Desktop\feierabendrunde.GPX [2013.06.06 07:45:09 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.15 16:54:40 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.15 14:24:22 | 000,014,347 | ---- | C] () -- C:\Users\eg\AppData\Local\recently-used.xbel [2013.04.28 12:54:03 | 000,011,264 | ---- | C] () -- C:\Users\eg\qlgt_save_v8.db [2013.03.07 22:49:15 | 000,577,536 | ---- | C] () -- C:\windows\System32\ChilkatCsv.dll [2012.06.13 14:42:27 | 000,003,584 | ---- | C] 
() -- C:\Users\eg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.12 10:16:27 | 000,011,264 | ---- | C] () -- C:\Users\eg\qlgt.db [2012.01.28 10:21:04 | 000,007,598 | ---- | C] () -- C:\Users\eg\AppData\Local\Resmon.ResmonCfg [2011.09.02 09:20:13 | 000,000,297 | ---- | C] () -- C:\Users\eg\AppData\Roaming\rftg [2011.02.21 22:49:11 | 000,000,600 | ---- | C] () -- C:\Users\eg\AppData\Roaming\winscp.rnd [2011.02.20 13:11:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.19 17:12:23 | 000,000,600 | ---- | C] () -- C:\Users\eg\AppData\Local\PUTTY.RND [2010.09.02 20:16:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.09.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage [2010.09.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage [2013.05.20 12:18:39 | 000,000,000 | ---D | M] -- 
C:\Users\eg\AppData\Roaming\.easytag [2011.09.04 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.kde [2013.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\.purple [2013.05.15 10:25:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Amarok [2012.12.29 13:53:37 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\APP_NAME_NON_STRING [2011.02.19 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Asus [2011.12.12 15:04:46 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\BatteryBar [2012.06.06 11:59:29 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Charles [2011.02.19 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.02.19 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2012.05.30 09:02:28 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dev-Cpp [2011.02.23 21:33:27 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dexpot [2013.06.13 07:33:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Dropbox [2013.04.07 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\elsterformular [2013.04.28 13:52:51 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\esri [2013.05.02 20:52:41 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\EurekaLog [2013.06.10 07:30:16 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\FileZilla [2011.06.22 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Garmin [2012.01.28 14:10:52 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GeoSetter [2013.04.23 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GetRightToGo [2012.08.04 08:11:39 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\GHISLER [2011.10.06 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gnupg [2013.05.20 12:26:12 | 
000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gsak
[2012.09.12 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\gtk-2.0
[2012.11.01 22:05:03 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\ICAClient
[2011.02.20 12:32:49 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\IrfanView
[2012.01.11 22:39:56 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\LibreOffice
[2011.06.29 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Mobile Atlas Creator
[2013.05.16 10:06:58 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Mp3tag
[2013.05.13 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\MyPhoneExplorer
[2012.06.14 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Notepad++
[2011.03.12 10:47:23 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\OpenOffice.org
[2011.02.20 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Opera
[2012.12.29 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\PDF Architect
[2012.12.29 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\pdfforge
[2011.03.18 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Subversion
[2012.10.16 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\The Carbon Project
[2011.02.21 21:10:36 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Thunderbird
[2011.02.19 16:19:34 | 000,000,000 | ---D | M] -- C:\Users\eg\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 909 bytes -> C:\ProgramData\Temp:DFE3A43A
@Alternate Data Stream - 889 bytes -> C:\ProgramData\Temp:6297627A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
Code:
OTL Extras logfile created on: 13.06.2013 20:28:09 - Run 1
OTL by OldTimer - Version Folder = C:\Users\eg\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,27% Memory free
3,98 Gb Paging File | 2,88 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 26,09 Gb Free Space | 26,09% Space Free | Partition Type: NTFS
Drive D: | 122,51 Gb Total Space | 17,78 Gb Free Space | 14,51% Space Free | Partition Type: NTFS

Computer Name: GONZO | User Name: eg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A01358-2621-45BB-BF25-D74BD3D220F5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{1156460D-3E84-497F-8C7C-E294EE248DE1}" = rport=139 | protocol=6 | dir=out | app=system | "{1AEC20B1-42E4-475B-8369-E1B29283D9F0}" = lport=137 | protocol=17 | dir=in | app=system | "{1E957AB1-37F6-494A-814D-7B667EC75200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{358B1C23-6DDB-413B-9D06-D5FF1B87FCF8}" = lport=138 | protocol=17 | dir=in | app=system | "{511EE379-17BA-441C-B551-1B23983FFB47}" = lport=445 | protocol=6 | dir=in | app=system | "{55A44C7B-1AC2-4FF8-9580-9164287E4E27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E59C946-5527-4C23-A8B1-95606F03EE47}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{6CE5FF9A-AA02-4618-9062-BD7D9490F9D3}" = rport=445 | protocol=6 | dir=out | app=system | "{95F1ADC4-97A3-46AB-B759-7F7D925E166C}" = lport=139 | protocol=6 | dir=in | app=system | "{960A7489-24CE-423B-AD5F-F8961215736C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A2EEEBE4-7771-41C7-BDC6-84FFDBBAE9DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A864ECE1-658D-4391-AB4A-B7406D8B3848}" = rport=137 | protocol=17 | dir=out | app=system | "{A8F9EF69-7098-48E9-A737-B1F1B1959D28}" = rport=138 | protocol=17 | dir=out | app=system | "{AF40EDC5-C486-47D6-BD25-8CBFE76A36DE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\wnt500x86\rpcsandrasrv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E45204E-D469-4A52-A247-A64C630886EB}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{4191905D-5569-4313-94E0-79713A83F30E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4BAC7B52-45D2-4BCF-BD20-3C1144B4A0DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{51622140-93DA-49E7-86C3-76DA5918AF7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5B9A5092-F2B6-461D-9A4A-5617E253BB52}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{5C4C9AB6-FBD0-41AA-B61C-C457D47AB5EC}" = protocol=6 | dir=in | app=c:\users\eg\appdata\roaming\dropbox\bin\dropbox.exe | "{8C1EA0FE-EBAD-4ACE-93D3-EE7DF9638B3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{93556778-0DBB-40C0-ABD8-D10C47781CCD}" = dir=in | app=c:\program files\common files\apple\apple application 
support\webkit2webprocess.exe | "{98EC341F-05DF-4F52-89A5-C7A1AF3F543C}" = protocol=17 | dir=in | app=c:\users\eg\appdata\roaming\dropbox\bin\dropbox.exe | "{C334E5D2-21B1-4AA7-B03C-6D25926D1A01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C753CE21-D61C-44FD-BE47-9D45567A4EAC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{D7A2A282-4A4A-44AD-A42F-31EDD5BCD011}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D98BCA2C-4039-435F-8BE0-5B791B36AA5E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{E8106E4E-BEA5-4420-971E-4188019F59F9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{F867830A-72CF-4610-835F-61E3BBDD297D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC06E007-AF96-4D3F-8F0C-5468F27FB0E5}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{02EA4E22-A842-4130-815F-779781A8C5D7}C:\users\eg\downloads\winscp.exe" = protocol=6 | dir=in | app=c:\users\eg\downloads\winscp.exe | "TCP Query User{4DAAF179-2409-4063-9C94-8C60D616B969}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{6C0FBDC3-DADB-4F39-9786-71456A160E79}C:\program files\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe | "TCP Query User{72CAE42C-446B-4959-AE97-56B5918A4F9C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{B38A1931-A176-4842-80B2-78F3EF707F07}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{C5433DE0-F98B-4599-A93D-80D1C34BBE44}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{E124EDDB-33AC-4EEF-A743-2C0EC85DD8D4}C:\program files\java\jre7\bin\javaw.exe" = 
protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{F9697476-9BCA-45C1-8AB3-E4E498A58354}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{30F4FCF0-2FCB-49C8-B520-FCD7873E9C35}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{3FC7955A-070F-4575-8F24-89AB827188E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{95C5B411-F950-4F80-9E5C-B566B3DFA32D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{A1E2CCFF-DA77-4187-976B-3518196F21F0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{ABCC1B6E-7BDD-40D2-907B-A0B6E829623F}C:\users\eg\downloads\winscp.exe" = protocol=17 | dir=in | app=c:\users\eg\downloads\winscp.exe | "UDP Query User{D552B1ED-5F0D-40EF-9341-FF1D32F9139D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{DC35982E-A5E1-4D79-B184-0E436F08145A}C:\program files\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe | "UDP Query User{F57E98E6-D6D7-4B03-9505-D5C30D317FC4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in 
"{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}" = GraphicsSwitch "{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung) "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{336A2C72-3D31-42F8-B6C0-8D1135FA5B0D}" = RCH65 Spoiler Downloader "{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater "{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB) "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{47C6C88F-FA95-49C8-B57D-5C5F093738E1}" = iTunes "{49A3D943-9A41-44D7-9C28-E0EB6C1BB336}" = TortoiseSVN (32 bit) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com 
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FF1B080-4BE2-4355-ABA6-7902494EA9C7}" = ArcGIS Explorer Desktop "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV) "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF16A7AB-D2FA-48E5-9251-8E4CD5C916E1}_is1" = GiMeSpace Desktop Extender 3D v3.1.0.28 (requires Vista or later, install the normal Desktop Extender when using XP!) 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C067C316-4036-4E97-B013-21DCBE649F81}_is1" = Race for the Galaxy version 0.8.1 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside "{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero) "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = 
Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArcGIS Explorer Desktop" = ArcGIS Explorer Desktop "Avira AntiVir Desktop" = Avira Free Antivirus "BatteryBar" = BatteryBar (remove only) "CitrixOnlinePluginPackWeb" = Citrix Receiver "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CompeGPS_7_5_is1" = CompeGPS LAND 7.5.2 "CompeGPS_is1" = CompeGPS LAND 7.5.2 "CompeGPSDownloader_is1" = CompeGPSDownloader version 1.13 "Dev-C++" = Dev-C++ 5 beta 9 release ( "EasyTAG_is1" = EasyTAG 2.1 "ECW ActiveX Controls" = ECW ActiveX Controls "Elantech" = ETDWare PS/2-x86 "ElsterFormular" = ElsterFormular "Ext2Fsd_is1" = Ext2Fsd 0.50 "FileZilla Client" = FileZilla Client "GIMP-2_is1" = GIMP 2.8.2 "GnuPG" = GNU Privacy Guard "Google Chrome" = Google Chrome "GSAK_is1" = GSAK "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "IrfanView" = IrfanView (remove only) "Kyocera Product Library" = Kyocera Product Library "LG On-Screen Phone" = LG On-Screen Phone "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.55a "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIA.Updatus" = NVIDIA Updatus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OOBERegBackup_is1" = OOBERegBackup "Opera 12.00.1467" = Opera 12.00 "pdfsam" = pdfsam "Picasa 3" = Picasa 3 "Pidgin" = Pidgin "PS3 Media Server" = PS3 Media Server 
"ScreenSaverPatch_is1" = ScreenSaverPatch "Spoiler Sync_is1" = Spoiler Sync "SystemRequirementsLab" = System Requirements Lab "Totalcmd" = Total Commander (Remove or Repair) "TwoNav Tablet 2.5.2" = TwoNav Tablet 2.5.2 "TwoNav Tablet_is1" = TwoNav Tablet 2.5.2 "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinMerge_is1" = WinMerge 2.14.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1452509460-3710196437-2671254961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dexpot" = Dexpot "Dropbox" = Dropbox "Geocaching Live" = Geocaching Live "RouteConverter" = RouteConverter "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.09.2012 15:50:43 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6084 Error - 13.09.2012 15:50:43 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6084 Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7239 Error - 13.09.2012 15:50:44 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7239 Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8253 Error - 13.09.2012 15:50:45 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 
8253 Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9251 Error - 13.09.2012 15:50:46 | Computer Name = gonzo | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9251 [ System Events ] Error - 26.05.2012 10:11:22 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 26.05.2012 15:11:05 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.05.2012 14:46:45 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 30.05.2012 01:48:19 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 30.05.2012 07:10:29 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 31.05.2012 05:31:31 | Computer Name = gonzo | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 01.06.2012 01:43:35 | Computer Name = gonzo | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error - 01.06.2012 01:44:43 | Computer Name = gonzo | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 01.06.2012 01:45:10 | Computer Name = gonzo | Source = DCOM | ID = 10010 Description =
Error - 01.06.2012 05:45:22 | Computer Name = gonzo | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-14 17:23:20 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-80A23T0 rev.01.01A01 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\eg\AppData\Local\Temp\uxldqpow.sys ---- System - GMER 2.1 ---- SSDT 8056A11E ZwCreateSection SSDT 8056A128 ZwRequestWaitReplyPort SSDT 8056A123 ZwSetContextThread SSDT 8056A12D ZwSetSecurityObject SSDT 8056A132 ZwSystemDebugControl SSDT 8056A0BF ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 822919F5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822CB1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 822D253C 4 Bytes [1E, A1, 56, 80] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 822D2898 4 Bytes [28, A1, 56, 80] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 822D28DC 4 Bytes [23, A1, 56, 80] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 822D2958 4 Bytes [2D, A1, 56, 80] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 822D29AC 4 Bytes [32, A1, 56, 80] .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\PDF Architect\HelperService.exe[476] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\PDF Architect\HelperService.exe[476] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\wininit.exe[480] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\wininit.exe[480] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\winlogon.exe[524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\winlogon.exe[524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\services.exe[568] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\services.exe[568] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\iPod\bin\iPodService.exe[580] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\iPod\bin\iPodService.exe[580] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\lsass.exe[596] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[708] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[708] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\nvvsvc.exe[780] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 
778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\nvvsvc.exe[780] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[792] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[792] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[804] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[804] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[848] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[848] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\System32\svchost.exe[928] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\System32\svchost.exe[928] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\System32\svchost.exe[976] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\System32\svchost.exe[976] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1056] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\PDF Architect\ConversionService.exe[1260] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\PDF Architect\ConversionService.exe[1260] 
SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1292] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\WLANExt.exe[1380] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\WLANExt.exe[1380] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\conhost.exe[1388] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\conhost.exe[1388] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\System32\spoolsv.exe[1436] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\System32\spoolsv.exe[1436] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[1524] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[1524] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1684] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1828] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\AsusService.exe[1888] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\AsusService.exe[1888] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 
.text C:\Program Files\Bonjour\mDNSResponder.exe[1932] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Bonjour\mDNSResponder.exe[1932] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\AsScrPro.exe[1944] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\AsScrPro.exe[1944] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1956] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1956] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\Dwm.exe[2056] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\Dwm.exe[2056] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2064] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2064] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\1&1 Surf-Stick\AssistantServices.exe[2068] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\1&1 Surf-Stick\AssistantServices.exe[2068] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe[2112] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\igfxpers.exe[2176] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\igfxpers.exe[2176] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\hkcmd.exe[2180] 
ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\hkcmd.exe[2180] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\Explorer.EXE[2196] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\Explorer.EXE[2196] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\iTunes\iTunesHelper.exe[2372] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\iTunes\iTunesHelper.exe[2372] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\1&1 Surf-Stick\UIExec.exe[2376] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\1&1 Surf-Stick\UIExec.exe[2376] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2412] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2412] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[2456] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[2456] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Windows\System32\igfxtray.exe[2520] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Windows\System32\igfxtray.exe[2520] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2544] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2544] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\SHE\SuperHybridEngine.exe[2568] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program 
Files\EeePC\SHE\SuperHybridEngine.exe[2568] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2656] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[2656] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Elantech\ETDCtrl.exe[2832] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Elantech\ETDCtrl.exe[2832] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2900] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2900] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\nvvsvc.exe[2908] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\nvvsvc.exe[2908] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2928] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2928] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[3140] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[3140] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3360] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe[3360] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3404] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\Windows Media 
Player\wmpnetwk.exe[3404] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3448] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\EeePC\HotkeyService\HotkeyService.exe[3448] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3472] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\EeePC\CapsHook\CapsHook.exe[3472] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\igfxsrvc.exe[3496] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\igfxsrvc.exe[3496] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\wbem\wmiprvse.exe[3664] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\wbem\wmiprvse.exe[3664] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\taskhost.exe[4064] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\taskhost.exe[4064] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6008] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[6008] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Users\eg\Downloads\gmer_2.1.19163.exe[6720] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Users\eg\Downloads\gmer_2.1.19163.exe[6720] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[7816] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[7816] 
SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 .text C:\windows\system32\svchost.exe[7920] ntdll.dll!LdrQueryImageFileExecutionOptionsEx 778ACE48 5 Bytes JMP 7FFA0000 .text C:\windows\system32\svchost.exe[7920] SHELL32.dll!ShellExecuteExW 768F1DF6 5 Bytes JMP 7FF90000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab1478 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f@00237f44dc2e 0xE9 0x22 0x11 0x14 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db4b67f@001813474060 0xD4 0x5A 0x93 0x36 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab1478 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f@00237f44dc2e 0xE9 0x22 0x11 0x14 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db4b67f@001813474060 0xD4 0x5A 0x93 0x36 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
#2
/// the machine /// (TB-Ausbilder)
High CPU usage, what could be the cause (here)? A trojan?
Hi,
System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
#3
High CPU usage, what could be the cause (here)? A trojan?
Here are the results from FRST.
FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013 Ran by eg (administrator) on 18-06-2013 07:52:00 Running from C:\Users\eg\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Windows\System32\AsusService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\1&1 Surf-Stick\AssistantServices.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Windows\AsScrPro.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe () C:\Program Files\1&1 Surf-Stick\UIExec.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dropbox, Inc.) C:\Users\eg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe [3058304 2010-09-02] (ASUS) HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1244592 2010-08-10] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.) HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [976872 2010-06-12] (AsusTek Computer Inc.) 
HKLM\...\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS) HKLM\...\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\ASUS\GraphicsSwitch\GPUStatusMonitor.exe /keep [205304 2010-08-19] (AsusTek Computer Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9722472 2010-08-24] (Realtek Semiconductor) HKLM\...\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini" [2234 2009-12-04] () HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-09-02] (ASUSTek Computer Inc.) HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] () HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x] HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [380088 2012-07-27] (Citrix Systems, Inc.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-18] (Apple Inc.) 
HKLM\...\Run: [CompeGPSDev] [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-16] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe [x]
HKCU\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [90624 2013-04-11] ()
MountPoints2: {b93ae107-bd6e-11e2-9ac1-20cf307c54be} - E:\LGAutoRun.exe
HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-08-11] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] AsusSender.exe C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
HKU\UpdatusUser\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-08-11] (AsusTek Computer Inc.)
HKU\UpdatusUser\...\RunOnce: [AskScreensaver] AsusSender.exe C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
HKCU SearchScopes: DefaultScope {040A2185-BD8C-4711-BC4B-45E44F4A4963} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - {040A2185-BD8C-4711-BC4B-45E44F4A4963} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer]

FireFox:
========
FF ProfilePath: C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Deutsches Wörterbuch - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: firebug - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: treestyletab - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi
FF Extension: No Name - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (AdBlock) - C:\Users\eg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-05-16] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] ()
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.)
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-16] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [684664 2011-02-10] (www.ext2fsd.com)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [23144 2011-08-03] (NVIDIA Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-16] (Avira GmbH)
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys [x]
U3 uxldqpow; \??\C:\Users\eg\AppData\Local\Temp\uxldqpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-01-01 15:18 - 2010-11-20 14:40 - 00383786 _RASH C:\bootmgr
2013-06-18 07:24 - 2013-06-18 07:24 - 00000000 ____D C:\FRST
2013-06-18 07:23 - 2013-06-18 07:23 - 01365717 ____A (Farbar) C:\Users\eg\Desktop\FRST.exe
2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith.zip
2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith (1).zip
2013-06-14 17:23 - 2013-06-14 17:23 - 00025890 ____A C:\Users\eg\Desktop\gmer.log
2013-06-13 21:01 - 2013-06-13 21:01 - 00049108 ____A C:\Users\eg\Desktop\Extras.Txt
2013-06-13 21:00 - 2013-06-13 21:00 - 00098264 ____A C:\Users\eg\Desktop\OTL.Txt
2013-06-13 20:51 - 2013-06-13 20:51 - 00049108 ____A C:\Users\eg\Downloads\Extras.Txt
2013-06-13 20:47 - 2013-06-13 20:47 - 00098264 ____A C:\Users\eg\Downloads\OTL.Txt
2013-06-13 20:10 - 2013-06-13 20:10 - 00377856 ____A C:\Users\eg\Downloads\gmer_2.1.19163.exe
2013-06-13 19:59 - 2013-06-13 19:59 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL (1).exe
2013-06-13 19:58 - 2013-06-13 19:58 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL.exe
2013-06-12 19:18 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 19:18 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 19:18 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 19:18 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 19:18 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 19:18 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 19:08 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:08 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:08 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:08 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:06 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 19:06 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 19:06 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 19:06 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:06 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:06 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 19:06 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 19:06 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:05 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 19:05 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 19:05 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:03 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-10 07:21 - 2013-06-10 07:21 - 00021796 ____A C:\Users\eg\Desktop\feierabendrunde.GPX
2013-06-06 20:27 - 2013-06-06 20:27 - 00012295 ____A C:\Users\eg\Downloads\hijackthis.log
2013-06-06 20:20 - 2013-06-06 20:20 - 00139200 ____A C:\Windows\Minidump\060613-30747-01.dmp
2013-06-06 19:42 - 2013-06-06 19:42 - 00388608 ____A (Trend Micro Inc.) C:\Users\eg\Downloads\HijackThis.exe
2013-06-06 07:45 - 2013-06-18 07:14 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-03 20:13 - 2013-06-03 20:49 - 00000000 ____D C:\Users\eg\AppData\Local\.elfohilfe
2013-06-03 19:34 - 2013-06-03 19:34 - 00000097 ___AH C:\Users\eg\Desktop\.~lock.Stundendatei_2012_Egge.xlsx#
2013-06-03 19:33 - 2013-06-03 19:33 - 00099515 ____A C:\Users\eg\Desktop\Stundendatei_2012_Egge.xlsx
2013-05-30 21:26 - 2013-05-30 21:26 - 00535305 ____A C:\Users\eg\Downloads\CalDavZAP_0.8.1.1.zip
2013-05-26 16:02 - 2013-05-26 16:02 - 00100703 ____A C:\Users\eg\Downloads\roundcube.sql.zip
2013-05-25 11:51 - 2013-05-25 11:52 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2030-01-01 15:18 - 2009-07-14 06:57 - 00029696 __ASH C:\Windows\System32\config\BCD-Template.LOG
2030-01-01 15:18 - 2009-07-14 06:52 - 00032768 ____A C:\Windows\System32\config\BCD-Template
2019-10-03 20:14 - 2011-02-18 17:19 - 00000000 ____D C:\Users\eg\AppData\Roaming\Adobe
2019-10-03 20:14 - 2011-02-18 17:19 - 00000000 ____D C:\Users\eg\AppData\Local\Adobe
2019-10-03 20:11 - 2011-09-06 09:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2019-10-03 20:11 - 2010-09-02 20:13 - 00000000 ____D C:\ProgramData\Adobe
2019-10-03 20:09 - 2010-09-02 20:16 - 00000000 ____D C:\Program Files\Adobe
2013-06-18 07:53 - 2011-06-17 18:56 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-18 07:42 - 2011-02-19 07:58 - 01454665 ____A C:\Windows\WindowsUpdate.log
2013-06-18 07:28 - 2009-07-14 06:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 07:28 - 2009-07-14 06:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 07:24 - 2013-06-18 07:24 - 00000000 ____D C:\FRST
2013-06-18 07:23 - 2013-06-18 07:23 - 01365717 ____A (Farbar) C:\Users\eg\Desktop\FRST.exe
2013-06-18 07:21 - 2011-02-20 13:22 - 00000000 ____D C:\Users\eg\AppData\Roaming\.purple
2013-06-18 07:14 - 2013-06-06 07:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 20:23 - 2011-06-17 18:56 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-14 20:57 - 2009-07-26 23:56 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith.zip
2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith (1).zip
2013-06-14 17:24 - 2012-05-25 19:19 - 00016839 ____A C:\Windows\setupact.log
2013-06-14 17:23 - 2013-06-14 17:23 - 00025890 ____A C:\Users\eg\Desktop\gmer.log
2013-06-13 21:01 - 2013-06-13 21:01 - 00049108 ____A C:\Users\eg\Desktop\Extras.Txt
2013-06-13 21:00 - 2013-06-13 21:00 - 00098264 ____A C:\Users\eg\Desktop\OTL.Txt
2013-06-13 20:51 - 2013-06-13 20:51 - 00049108 ____A C:\Users\eg\Downloads\Extras.Txt
2013-06-13 20:47 - 2013-06-13 20:47 - 00098264 ____A C:\Users\eg\Downloads\OTL.Txt
2013-06-13 20:10 - 2013-06-13 20:10 - 00377856 ____A C:\Users\eg\Downloads\gmer_2.1.19163.exe
2013-06-13 19:59 - 2013-06-13 19:59 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL (1).exe
2013-06-13 19:58 - 2013-06-13 19:58 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL.exe
2013-06-13 19:51 - 2011-02-20 15:25 - 00000000 ____D C:\ProgramData\CompeGPS
2013-06-13 19:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 19:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 07:33 - 2012-09-30 20:44 - 00000000 ____D C:\Users\eg\AppData\Roaming\Dropbox
2013-06-13 07:28 - 2012-09-30 20:51 - 00000000 ___RD C:\Users\eg\Dropbox
2013-06-13 06:52 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-13 06:51 - 2010-09-03 02:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-13 06:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 19:14 - 2012-07-03 20:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 19:14 - 2012-07-03 20:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 19:10 - 2011-02-19 16:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 07:30 - 2011-09-04 15:25 - 00000000 ____D C:\Users\eg\AppData\Roaming\FileZilla
2013-06-10 07:21 - 2013-06-10 07:21 - 00021796 ____A C:\Users\eg\Desktop\feierabendrunde.GPX
2013-06-08 13:42 - 2013-06-12 19:18 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-12 19:18 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-06 22:35 - 2011-03-18 10:49 - 00000000 ____D C:\Users\eg\AppData\Local\TSVNCache
2013-06-06 20:27 - 2013-06-06 20:27 - 00012295 ____A C:\Users\eg\Downloads\hijackthis.log
2013-06-06 20:20 - 2013-06-06 20:20 - 00139200 ____A C:\Windows\Minidump\060613-30747-01.dmp
2013-06-06 20:20 - 2012-10-18 20:29 - 00000000 ____D C:\Windows\Minidump
2013-06-06 20:20 - 2012-10-18 20:28 - 132599746 ____A C:\Windows\MEMORY.DMP
2013-06-06 19:42 - 2013-06-06 19:42 - 00388608 ____A (Trend Micro Inc.) C:\Users\eg\Downloads\HijackThis.exe
2013-06-06 18:54 - 2012-01-28 10:21 - 00007598 ____A C:\Users\eg\AppData\Local\Resmon.ResmonCfg
2013-06-06 18:00 - 2013-04-22 21:14 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-06 07:46 - 2012-06-26 21:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-06 07:45 - 2011-12-12 15:00 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-06 07:02 - 2010-09-03 02:54 - 00589780 ____A C:\Windows\PFRO.log
2013-06-03 20:49 - 2013-06-03 20:13 - 00000000 ____D C:\Users\eg\AppData\Local\.elfohilfe
2013-06-03 19:47 - 2011-03-12 10:43 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-06-03 19:34 - 2013-06-03 19:34 - 00000097 ___AH C:\Users\eg\Desktop\.~lock.Stundendatei_2012_Egge.xlsx#
2013-06-03 19:33 - 2013-06-03 19:33 - 00099515 ____A C:\Users\eg\Desktop\Stundendatei_2012_Egge.xlsx
2013-06-02 18:41 - 2013-04-07 09:52 - 00000000 ____D C:\Program Files\ElsterFormular
2013-06-02 18:39 - 2011-02-18 17:19 - 00000000 ____D C:\users\eg
2013-05-30 21:26 - 2013-05-30 21:26 - 00535305 ____A C:\Users\eg\Downloads\CalDavZAP_0.8.1.1.zip
2013-05-26 16:02 - 2013-05-26 16:02 - 00100703 ____A C:\Users\eg\Downloads\roundcube.sql.zip
2013-05-26 12:23 - 2011-09-02 09:20 - 00000297 ____A C:\Users\eg\AppData\Roaming\rftg
2013-05-25 11:52 - 2013-05-25 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-20 12:26 - 2011-10-20 20:07 - 00000000 ____D C:\Users\eg\AppData\Roaming\gsak
2013-05-20 12:18 - 2012-05-21 19:14 - 00000000 ____D C:\Users\eg\AppData\Roaming\.easytag

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 00:43

==================== End Of Log ============================
--- --- ---

Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-06-2013 Ran by eg at 2013-06-18 07:58:19 Run: Running from C:\Users\eg\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 1&1 Surf-Stick (Version: 32 Bit HP CIO Components Installer (Version: 1.1.0) Acrobat.com (Version: 2.0.0) Acrobat.com (Version: Adobe AIR (Version: Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Photoshop Lightroom 4.2 (Version: 4.2.1) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: Apple Software Update (Version: ArcGIS Explorer Desktop (Version: 10.1.2500) AsusScreensaver (Version: 1.03) ASUSUpdate for Eee PC (Version: 1.04.01) Atheros Client Installation Program (Version: 7.0) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: Avira Free Antivirus (Version: BatteryBar (remove only) Bonjour (Version: Broadcom Wireless Network Adapter (Version: 1.00.0000) CapsHook (Version: Citrix Authentication Manager (Version: Citrix Receiver (DV) (Version: Citrix Receiver (HDX Flash-Umleitung) (Version: Citrix Receiver (USB) (Version: Citrix Receiver (Version: Citrix Receiver Inside (Version: Citrix Receiver Updater (Version: Citrix Receiver(Aero) (Version: CompeGPS LAND 7.5.2 (Version: 7.5.2) CompeGPSDownloader version 1.13 (Version: 1.13) CyberLink YouCam (Version: 2.0.3718a) Dev-C++ 5 beta 9 release ( Dexpot (Version: 1.5.8) Dropbox (Version: 2.0.5) EasyTAG 2.1 ebi.BookReader3J (Version: 3.75.14) ECW ActiveX Controls ElsterFormular (Version: 14.3.11574) ETDWare PS/2-x86 (Version: Ext2Fsd 0.50 (Version: 0.50) FileZilla Client (Version: FontResizer (Version: 1.01.0011) Geocaching Live GiMeSpace Desktop Extender 3D v3.1.0.28 (requires Vista or later, install the normal Desktop Extender when using XP!) 
GIMP 2.8.2 (Version: 2.8.2) GNU Privacy Guard (Version: 1.4.11) Google Chrome (Version: 27.0.1453.110) Google Earth (Version: Google Update Helper (Version: GPSBabel 1.4.2 GraphicsSwitch (Version: 1.4) GSAK Hotkey Service (Version: 1.31) Intel(R) Graphics Media Accelerator Driver (Version: IrfanView (remove only) (Version: 4.28) iTunes (Version: IZArc 4.1.6 (Version: 4.1.6) Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: Kyocera Product Library (Version: 2.0.0713) LG On-Screen Phone (Version: LG United Mobile Drivers (Version: 3.8.1) LiveUpdate (Version: 1.22) LocaleMe (Version: 1.3) Luminance HDR 2.3.0 Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) Mozilla Thunderbird 17.0.6 (x86 de) (Version: 17.0.6) Mp3tag v2.55a (Version: v2.55a) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 
SP3 Parser (KB973685) (Version: 4.30.2107.0) MyPhoneExplorer (Version: 1.8.4) Notepad++ (Version: 6.1.3) NVIDIA 3D Vision Controller Driver (Version: 280.19) NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90) NVIDIA 3D Vision Treiber 310.90 (Version: 310.90) NVIDIA Grafiktreiber 310.90 (Version: 310.90) NVIDIA HD-Audiotreiber (Version: NVIDIA Install Application (Version: 2.1002.95.599) NVIDIA Optimus 1.4.28 (Version: 1.4.28) NVIDIA PhysX (Version: 9.10.0514) NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514) NVIDIA Stereoscopic 3D Driver (Version: NVIDIA Systemsteuerung 310.90 (Version: 310.90) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) NVIDIA Updatus (Version: 1.0.3) Online Plug-in (Version: OOBERegBackup Opera 12.00 (Version: 12.00.1467) PDF Architect (Version: PDFCreator (Version: 1.6.1) pdfsam (Version: 2.2.1) Picasa 3 (Version: 3.9) Pidgin (Version: 2.7.10) PS3 Media Server (Version: 1.81.0) QuickTime (Version: Race for the Galaxy version 0.8.1 (Version: 0.8.1) RCH65 Spoiler Downloader (Version: 1.0.24) Realtek High Definition Audio Driver (Version: RouteConverter ScreenSaverPatch Self-Service Plug-in (Version: Skype Click to Call (Version: 5.9.9216) Skype™ 6.1 (Version: 6.1.129) Spoiler Sync Super Hybrid Engine (Version: 2.16) System Requirements Lab TortoiseSVN (32 bit) (Version: 1.6.20954) Total Commander (Remove or Repair) (Version: 8.01) Trend Micro Titanium (Version: 1.0) TwoNav Tablet 2.5.2 (Version: 2.5.2) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) VLC media player 2.0.1 (Version: 2.0.1) WIDCOMM Bluetooth Software (Version: Winamp (Version: 5.63 ) Winamp Erkennungs-Plug-in (Version: WinMerge 2.14.0 (Version: 2.14.0) 
==================== Restore Points ========================= 11-06-2013 14:58:42 Geplanter Prüfpunkt 12-06-2013 17:07:10 Windows Update 13-06-2013 05:03:01 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {2C170A8C-A7D0-4149-9495-F2D0B5C183F5} - System32\Tasks\{A0316920-700D-48AE-8945-C0F8141CF67D} => c:\program files\mozilla firefox\firefox.exe [2013-05-25] (Mozilla Corporation) Task: {40FB9D2F-714E-4548-B4D1-2D58BF3DC411} - System32\Tasks\{2522D05C-9AE6-4AD3-862B-A136BFABB725} => C:\Program Files\SpoilerSync\spoilersync.exe [2012-05-25] (aRRKS) Task: {86DDE4B2-61F9-4090-AAC9-589F8385E57A} - System32\Tasks\{09EB36F0-C14C-41F0-BC11-4E250D8CE492} => C:\Program Files\SpoilerSync\spoilersync.exe [2012-05-25] (aRRKS) Task: {8F2AEC04-6021-4D8A-AAA7-B202FD8955D9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {91613ACC-6C00-476C-A958-A8D83AE31C88} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {9D8DA009-3CAA-4F4E-98AE-7D2582F8A593} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1452509460-3710196437-2671254961-1001 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {A0709C5E-7EFB-43C9-BB10-535F8BDFE0B0} - System32\Tasks\{E818ED0A-288E-4695-9315-422D3482E2DC} => C:\Program Files\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.) Task: {ADC49580-6E2A-4310-B221-0AE069E82075} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [2010-11-20] (Microsoft Corporation) Task: {D2CBEE2F-5AD2-445A-B992-4AB1A36E4954} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-17] (Google Inc.) 
Task: {D5E90D8C-BE94-4B7A-B8D8-B1C59D939C4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {E8164C0D-216C-4B6B-9EB8-31BF958B8014} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] () Task: {F1147A55-F1E3-4637-99F9-AC06382B1919} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [] () Task: {FAB78063-DD14-492B-B41C-5E71D593CF6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-17] (Google Inc.) ==================== Faulty Device Manager Devices ============= Name: High Definition Audio-Controller Description: High Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2013 09:41:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15678 Error: (06/17/2013 09:41:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15678 Error: (06/17/2013 09:41:17 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/17/2013 07:45:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19734 Error: (06/17/2013 07:45:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 19734 Error: (06/17/2013 07:45:40 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/17/2013 07:45:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 18501 Error: (06/17/2013 07:45:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 18501 Error: (06/17/2013 07:45:39 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/17/2013 07:45:38 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 17503 System errors: ============= Error: (06/18/2013 06:42:28 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst btwdins erreicht. Error: (06/17/2013 08:11:02 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. 
Error: (06/13/2013 10:28:52 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/13/2013 09:57:15 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/13/2013 09:36:07 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/13/2013 09:02:26 PM) (Source: atapi) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (06/13/2013 06:44:20 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/13/2013 06:44:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (06/13/2013 06:55:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/13/2013 06:55:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (06/17/2013 09:41:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15678

Error: (06/17/2013 09:41:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15678

Error: (06/17/2013 09:41:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 07:45:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19734

Error: (06/17/2013 07:45:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19734

Error: (06/17/2013 07:45:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 07:45:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18501

Error: (06/17/2013 07:45:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18501

Error: (06/17/2013 07:45:39 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 07:45:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17503


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 2038.05 MB
Available physical RAM: 859.27 MB
Total Pagefile: 4076.11 MB
Available Pagefile: 2355.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:26.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:122.51 GB) (Free:17.78 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 29133921)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=133 GB) - (Type=05)
Partition 4: (Not Active) - (Size=20 MB) - (Type=EF)

==================== End Of Log ============================
#4
/// the machine /// TB-Ausbilder
Combofix must only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: Should you receive the following error message after the restart
Quote:
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
#5
Unfortunately, my computer freezes while running Combofix.exe and then restarts itself.
#6
/// the machine /// TB-Ausbilder
Please rename Combofix to NoMBR and try again.
#7
Good morning, I renamed the program yesterday evening and restarted it. This time the computer did not crash, but the program ran forever. When I went to bed it was at "Stage 48" or something like that. This morning the computer was switched off; after switching it on there was no warning about an unplanned shutdown or anything of that kind. So I think the program ran through this time. Unfortunately, I cannot find a C:\Combofix.txt or C:\NoMBR.txt, only a directory C:\NoMBR. What can I do now? Best regards, Kermit_Frog
#8
/// the machine /// TB-Ausbilder
Try this: please download
#9
Hello, here is the result of tdsskiller:
Code:
17:48:44.0918 5416 TDSS rootkit removing tool Feb 11 2013 18:50:42
17:48:44.0980 5416 ============================================================
17:48:44.0980 5416 Current date / time: 2013/06/20 17:48:44.0980
17:48:44.0980 5416 SystemInfo:
17:48:44.0980 5416
17:48:44.0980 5416 OS Version: 6.1.7601 ServicePack: 1.0
17:48:44.0980 5416 Product type: Workstation
17:48:44.0980 5416 ComputerName: GONZO
17:48:44.0980 5416 UserName: eg
17:48:44.0980 5416 Windows directory: C:\windows
17:48:44.0980 5416 System windows directory: C:\windows
17:48:44.0980 5416 Processor architecture: Intel x86
17:48:44.0980 5416 Number of processors: 4
17:48:44.0980 5416 Page size: 0x1000
17:48:44.0980 5416 Boot type: Normal boot
17:48:44.0980 5416 ============================================================
17:48:47.0382 5416 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:47.0382 5416 Drive \Device\Harddisk1\DR1 - Size: 0x76E480000 (29.72 Gb), SectorSize: 0x200, Cylinders: 0xF28, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:48:47.0398 5416 ============================================================
17:48:47.0398 5416 \Device\Harddisk0\DR0:
17:48:47.0398 5416 MBR partitions:
17:48:47.0398 5416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
17:48:47.0414 5416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC801000, BlocksNum 0xF506FC4
17:48:47.0445 5416 \Device\Harddisk1\DR1:
17:48:47.0445 5416 MBR partitions:
17:48:47.0445 5416 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3B70400
17:48:47.0445 5416 ============================================================
17:48:47.0523 5416 C: <-> \Device\Harddisk0\DR0\Partition1
17:48:47.0538 5416 D: <-> \Device\Harddisk0\DR0\Partition2
17:48:47.0538 5416
============================================================
17:48:47.0538 5416 Initialize success
17:48:47.0538 5416 ============================================================
17:48:54.0870 5032 ============================================================
17:48:54.0870 5032 Scan started
17:48:54.0870 5032 Mode: Manual; SigCheck; TDLFS;
17:48:54.0870 5032 ============================================================
17:48:56.0196 5032 ================ Scan system memory ========================
17:48:56.0196 5032 System memory - ok
17:48:56.0196 5032 ================ Scan services =============================
17:48:56.0430 5032 [ D01E0B1CEF9EE82100C2BB07294880EF ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:48:56.0586 5032 1394ohci ( UnsignedFile.Multi.Generic ) - warning
17:48:56.0586 5032 1394ohci - detected UnsignedFile.Multi.Generic (1)
17:48:56.0633 5032 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:48:56.0742 5032 ACPI - ok
17:48:56.0805 5032 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:48:56.0930 5032 AcpiPmi - ok
17:48:57.0070 5032 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:48:57.0132 5032 AdobeARMservice - ok
17:48:57.0242 5032 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:48:57.0288 5032 AdobeFlashPlayerUpdateSvc - ok
17:48:57.0351 5032 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
17:48:57.0460 5032 adp94xx - ok
17:48:57.0522 5032 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
17:48:57.0616 5032 adpahci - ok
17:48:57.0647 5032 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
17:48:57.0725 5032 adpu320 - ok
17:48:57.0772 5032 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 17:49:35.0727 5032 MSTEE - ok 17:49:35.0774 5032 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 17:49:35.0852 5032 MTConfig - ok 17:49:35.0883 5032 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 17:49:35.0977 5032 Mup - ok 17:49:36.0039 5032 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll 17:49:36.0179 5032 napagent - ok 17:49:36.0242 5032 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 17:49:36.0382 5032 NativeWifiP - ok 17:49:36.0429 5032 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys 17:49:36.0538 5032 NDIS - ok 17:49:36.0601 5032 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 17:49:36.0741 5032 NdisCap - ok 17:49:36.0788 5032 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 17:49:36.0959 5032 NdisTapi - ok 17:49:37.0022 5032 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 17:49:37.0162 5032 Ndisuio - ok 17:49:37.0209 5032 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 17:49:37.0396 5032 NdisWan - ok 17:49:37.0443 5032 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 17:49:37.0630 5032 NDProxy - ok 17:49:37.0693 5032 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll 17:49:37.0739 5032 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:49:37.0739 5032 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:49:37.0802 5032 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 17:49:37.0942 5032 NetBIOS - ok 17:49:37.0989 5032 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 17:49:38.0114 5032 NetBT - ok 17:49:38.0129 
5032 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe 17:49:38.0192 5032 Netlogon - ok 17:49:38.0254 5032 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 17:49:38.0457 5032 Netman - ok 17:49:38.0488 5032 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 17:49:38.0722 5032 netprofm - ok 17:49:38.0769 5032 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:49:38.0878 5032 NetTcpPortSharing - ok 17:49:38.0941 5032 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 17:49:39.0034 5032 nfrd960 - ok 17:49:39.0112 5032 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll 17:49:39.0268 5032 NlaSvc - ok 17:49:39.0299 5032 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 17:49:39.0440 5032 Npfs - ok 17:49:39.0487 5032 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 17:49:39.0627 5032 nsi - ok 17:49:39.0643 5032 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 17:49:39.0767 5032 nsiproxy - ok 17:49:39.0861 5032 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\windows\system32\drivers\Ntfs.sys 17:49:40.0064 5032 Ntfs - ok 17:49:40.0111 5032 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 17:49:40.0235 5032 Null - ok 17:49:40.0313 5032 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\windows\system32\drivers\nvhda32v.sys 17:49:40.0423 5032 NVHDA - ok 17:49:40.0766 5032 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 17:49:41.0671 5032 nvlddmkm - ok 17:49:41.0749 5032 [ 899D85D77048A4EBB4DE69632B69FE66 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys 17:49:41.0842 5032 nvpciflt - ok 17:49:41.0905 5032 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys 17:49:42.0014 
5032 nvraid - ok 17:49:42.0061 5032 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys 17:49:42.0154 5032 nvstor - ok 17:49:42.0263 5032 [ B785320CBCF5021DE9945C803696C511 ] NVSvc C:\windows\system32\nvvsvc.exe 17:49:42.0419 5032 NVSvc - ok 17:49:42.0575 5032 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 17:49:42.0794 5032 nvUpdatusService - ok 17:49:42.0841 5032 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys 17:49:42.0919 5032 nv_agp - ok 17:49:42.0965 5032 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 17:49:43.0106 5032 ohci1394 - ok 17:49:43.0246 5032 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 17:49:43.0527 5032 p2pimsvc - ok 17:49:43.0605 5032 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 17:49:43.0777 5032 p2psvc - ok 17:49:43.0823 5032 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 17:49:43.0901 5032 Parport - ok 17:49:43.0948 5032 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys 17:49:44.0026 5032 partmgr - ok 17:49:44.0057 5032 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 17:49:44.0120 5032 Parvdm - ok 17:49:44.0182 5032 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll 17:49:44.0323 5032 PcaSvc - ok 17:49:44.0385 5032 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys 17:49:44.0463 5032 pci - ok 17:49:44.0525 5032 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys 17:49:44.0603 5032 pciide - ok 17:49:44.0666 5032 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 17:49:44.0775 5032 pcmcia - ok 17:49:44.0822 5032 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys 
17:49:44.0900 5032 pcw - ok 17:49:45.0040 5032 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe 17:49:45.0305 5032 PDF Architect Helper Service - ok 17:49:45.0399 5032 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe 17:49:45.0539 5032 PDF Architect Service - ok 17:49:45.0617 5032 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys 17:49:45.0883 5032 PEAUTH - ok 17:49:46.0007 5032 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll 17:49:46.0319 5032 pla - ok 17:49:46.0397 5032 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll 17:49:46.0569 5032 PlugPlay - ok 17:49:46.0631 5032 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll 17:49:46.0725 5032 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:49:46.0725 5032 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:49:46.0756 5032 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 17:49:46.0897 5032 PNRPAutoReg - ok 17:49:46.0928 5032 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll 17:49:47.0006 5032 PNRPsvc - ok 17:49:47.0053 5032 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll 17:49:47.0271 5032 PolicyAgent - ok 17:49:47.0349 5032 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll 17:49:47.0489 5032 Power - ok 17:49:47.0552 5032 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 17:49:47.0739 5032 PptpMiniport - ok 17:49:47.0755 5032 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys 17:49:47.0848 5032 Processor - ok 17:49:47.0942 5032 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll 17:49:48.0067 5032 ProfSvc - ok 17:49:48.0098 5032 [ 
81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe 17:49:48.0160 5032 ProtectedStorage - ok 17:49:48.0191 5032 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys 17:49:48.0316 5032 Psched - ok 17:49:48.0394 5032 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 17:49:48.0613 5032 ql2300 - ok 17:49:48.0675 5032 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 17:49:48.0784 5032 ql40xx - ok 17:49:48.0831 5032 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll 17:49:48.0987 5032 QWAVE - ok 17:49:49.0018 5032 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 17:49:49.0112 5032 QWAVEdrv - ok 17:49:49.0143 5032 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 17:49:49.0330 5032 RasAcd - ok 17:49:49.0393 5032 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 17:49:49.0533 5032 RasAgileVpn - ok 17:49:49.0580 5032 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll 17:49:49.0736 5032 RasAuto - ok 17:49:49.0783 5032 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 17:49:49.0939 5032 Rasl2tp - ok 17:49:50.0017 5032 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll 17:49:50.0251 5032 RasMan - ok 17:49:50.0282 5032 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 17:49:50.0438 5032 RasPppoe - ok 17:49:50.0485 5032 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 17:49:50.0656 5032 RasSstp - ok 17:49:50.0703 5032 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 17:49:50.0875 5032 rdbss - ok 17:49:50.0921 5032 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 17:49:51.0015 5032 rdpbus - ok 
17:49:51.0077 5032 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 17:49:51.0202 5032 RDPCDD - ok 17:49:51.0249 5032 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 17:49:51.0374 5032 RDPENCDD - ok 17:49:51.0405 5032 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 17:49:51.0514 5032 RDPREFMP - ok 17:49:51.0561 5032 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 17:49:51.0686 5032 RDPWD - ok 17:49:51.0748 5032 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 17:49:51.0857 5032 rdyboost - ok 17:49:51.0889 5032 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 17:49:52.0045 5032 RemoteAccess - ok 17:49:52.0091 5032 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 17:49:52.0263 5032 RemoteRegistry - ok 17:49:52.0310 5032 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 17:49:52.0419 5032 RFCOMM - ok 17:49:52.0466 5032 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 17:49:52.0653 5032 RpcEptMapper - ok 17:49:52.0700 5032 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 17:49:52.0793 5032 RpcLocator - ok 17:49:52.0840 5032 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll 17:49:52.0981 5032 RpcSs - ok 17:49:53.0027 5032 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 17:49:53.0183 5032 rspndr - ok 17:49:53.0215 5032 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe 17:49:53.0277 5032 SamSs - ok 17:49:53.0308 5032 SANDRA - ok 17:49:53.0371 5032 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys 17:49:53.0464 5032 sbp2port - ok 17:49:53.0511 5032 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr 
C:\windows\System32\SCardSvr.dll 17:49:53.0667 5032 SCardSvr - ok 17:49:53.0683 5032 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 17:49:53.0823 5032 scfilter - ok 17:49:53.0901 5032 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll 17:49:54.0151 5032 Schedule - ok 17:49:54.0182 5032 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll 17:49:54.0291 5032 SCPolicySvc - ok 17:49:54.0338 5032 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll 17:49:54.0509 5032 SDRSVC - ok 17:49:54.0572 5032 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 17:49:54.0728 5032 secdrv - ok 17:49:54.0775 5032 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll 17:49:54.0915 5032 seclogon - ok 17:49:54.0962 5032 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll 17:49:55.0102 5032 SENS - ok 17:49:55.0133 5032 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll 17:49:55.0227 5032 SensrSvc - ok 17:49:55.0258 5032 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 17:49:55.0336 5032 Serenum - ok 17:49:55.0367 5032 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys 17:49:55.0508 5032 Serial - ok 17:49:55.0555 5032 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 17:49:55.0633 5032 sermouse - ok 17:49:55.0711 5032 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll 17:49:55.0913 5032 SessionEnv - ok 17:49:55.0960 5032 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys 17:49:56.0054 5032 sffdisk - ok 17:49:56.0069 5032 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 17:49:56.0194 5032 sffp_mmc - ok 17:49:56.0210 5032 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd 
C:\windows\system32\drivers\sffp_sd.sys 17:49:56.0272 5032 sffp_sd ( UnsignedFile.Multi.Generic ) - warning 17:49:56.0272 5032 sffp_sd - detected UnsignedFile.Multi.Generic (1) 17:49:56.0303 5032 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 17:49:56.0428 5032 sfloppy - ok 17:49:56.0491 5032 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll 17:49:56.0709 5032 SharedAccess - ok 17:49:56.0771 5032 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll 17:49:56.0927 5032 ShellHWDetection - ok 17:49:56.0943 5032 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys 17:49:57.0052 5032 sisagp - ok 17:49:57.0099 5032 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 17:49:57.0177 5032 SiSRaid2 - ok 17:49:57.0193 5032 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 17:49:57.0302 5032 SiSRaid4 - ok 17:49:57.0395 5032 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 17:49:57.0676 5032 SkypeUpdate - ok 17:49:57.0785 5032 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys 17:49:57.0941 5032 Smb - ok 17:49:58.0035 5032 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe 17:49:58.0160 5032 SNMPTRAP - ok 17:49:58.0191 5032 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys 17:49:58.0269 5032 spldr - ok 17:49:58.0347 5032 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe 17:49:58.0519 5032 Spooler - ok 17:49:58.0675 5032 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe 17:49:58.0940 5032 sppsvc - ok 17:49:59.0018 5032 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll 17:49:59.0205 5032 sppuinotify - ok 17:49:59.0252 5032 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv 
C:\windows\system32\DRIVERS\srv.sys 17:49:59.0392 5032 srv - ok 17:49:59.0423 5032 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys 17:49:59.0579 5032 srv2 - ok 17:49:59.0611 5032 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 17:49:59.0735 5032 srvnet - ok 17:49:59.0782 5032 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 17:49:59.0954 5032 SSDPSRV - ok 17:50:00.0016 5032 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys 17:50:00.0094 5032 ssmdrv - ok 17:50:00.0141 5032 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 17:50:00.0297 5032 SstpSvc - ok 17:50:00.0391 5032 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 17:50:00.0547 5032 Stereo Service - ok 17:50:00.0593 5032 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 17:50:00.0671 5032 stexstor - ok 17:50:00.0734 5032 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll 17:50:00.0952 5032 StiSvc - ok 17:50:00.0999 5032 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys 17:50:01.0061 5032 swenum - ok 17:50:01.0124 5032 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll 17:50:01.0311 5032 swprv - ok 17:50:01.0389 5032 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll 17:50:01.0529 5032 SysMain - ok 17:50:01.0592 5032 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll 17:50:01.0717 5032 TabletInputService - ok 17:50:01.0763 5032 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll 17:50:01.0951 5032 TapiSrv - ok 17:50:01.0997 5032 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll 17:50:02.0138 5032 TBS - ok 17:50:02.0231 5032 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip 
C:\windows\system32\drivers\tcpip.sys 17:50:02.0481 5032 Tcpip - ok 17:50:02.0543 5032 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 17:50:02.0668 5032 TCPIP6 - ok 17:50:02.0731 5032 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 17:50:02.0840 5032 tcpipreg - ok 17:50:02.0902 5032 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 17:50:03.0043 5032 TDPIPE - ok 17:50:03.0089 5032 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 17:50:03.0199 5032 TDTCP - ok 17:50:03.0245 5032 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 17:50:03.0401 5032 tdx - ok 17:50:03.0433 5032 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 17:50:03.0511 5032 TermDD - ok 17:50:03.0573 5032 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 17:50:03.0838 5032 TermService - ok 17:50:03.0885 5032 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 17:50:04.0010 5032 Themes - ok 17:50:04.0025 5032 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 17:50:04.0150 5032 THREADORDER - ok 17:50:04.0197 5032 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 17:50:04.0400 5032 TrkWks - ok 17:50:04.0462 5032 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 17:50:04.0618 5032 TrustedInstaller - ok 17:50:04.0681 5032 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 17:50:04.0837 5032 tssecsrv - ok 17:50:04.0915 5032 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 17:50:05.0055 5032 TsUsbFlt - ok 17:50:05.0117 5032 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 17:50:05.0242 5032 tunnel - ok 17:50:05.0289 5032 [ 
750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 17:50:05.0367 5032 uagp35 - ok 17:50:05.0476 5032 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 17:50:05.0679 5032 udfs - ok 17:50:05.0773 5032 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe 17:50:05.0882 5032 UI Assistant Service - ok 17:50:05.0929 5032 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 17:50:06.0022 5032 UI0Detect - ok 17:50:06.0069 5032 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 17:50:06.0147 5032 uliagpkx - ok 17:50:06.0209 5032 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys 17:50:06.0334 5032 umbus - ok 17:50:06.0365 5032 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 17:50:06.0459 5032 UmPass - ok 17:50:06.0506 5032 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 17:50:06.0693 5032 upnphost - ok 17:50:06.0755 5032 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 17:50:06.0865 5032 usbccgp - ok 17:50:06.0927 5032 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 17:50:07.0036 5032 usbcir - ok 17:50:07.0083 5032 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys 17:50:07.0177 5032 usbehci - ok 17:50:07.0223 5032 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 17:50:07.0364 5032 usbhub - ok 17:50:07.0411 5032 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\drivers\usbohci.sys 17:50:07.0520 5032 usbohci - ok 17:50:07.0567 5032 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 17:50:07.0691 5032 usbprint - ok 17:50:07.0738 5032 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 
17:50:07.0832 5032 USBSTOR - ok 17:50:07.0879 5032 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys 17:50:07.0957 5032 usbuhci - ok 17:50:08.0019 5032 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 17:50:08.0159 5032 usbvideo - ok 17:50:08.0191 5032 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll 17:50:08.0331 5032 UxSms - ok 17:50:08.0362 5032 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 17:50:08.0425 5032 VaultSvc - ok 17:50:08.0456 5032 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 17:50:08.0549 5032 vdrvroot - ok 17:50:08.0612 5032 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 17:50:08.0830 5032 vds - ok 17:50:08.0877 5032 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 17:50:08.0986 5032 vga - ok 17:50:09.0033 5032 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 17:50:09.0173 5032 VgaSave - ok 17:50:09.0220 5032 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 17:50:09.0314 5032 vhdmp - ok 17:50:09.0361 5032 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 17:50:09.0439 5032 viaagp - ok 17:50:09.0485 5032 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 17:50:09.0579 5032 ViaC7 - ok 17:50:09.0610 5032 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 17:50:09.0688 5032 viaide - ok 17:50:09.0735 5032 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 17:50:09.0813 5032 volmgr - ok 17:50:09.0875 5032 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 17:50:09.0938 5032 volmgrx - ok 17:50:09.0969 5032 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 17:50:10.0078 5032 volsnap - 
ok 17:50:10.0141 5032 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 17:50:10.0250 5032 vsmraid - ok 17:50:10.0312 5032 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 17:50:10.0577 5032 VSS - ok 17:50:10.0609 5032 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 17:50:10.0702 5032 vwifibus - ok 17:50:10.0733 5032 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 17:50:10.0858 5032 vwififlt - ok 17:50:10.0905 5032 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 17:50:10.0983 5032 vwifimp - ok 17:50:11.0030 5032 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 17:50:11.0264 5032 W32Time - ok 17:50:11.0326 5032 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 17:50:11.0420 5032 WacomPen - ok 17:50:11.0482 5032 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 17:50:11.0654 5032 WANARP - ok 17:50:11.0669 5032 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 17:50:11.0779 5032 Wanarpv6 - ok 17:50:11.0872 5032 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 17:50:12.0122 5032 wbengine - ok 17:50:12.0184 5032 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 17:50:12.0325 5032 WbioSrvc - ok 17:50:12.0387 5032 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 17:50:12.0512 5032 wcncsvc - ok 17:50:12.0527 5032 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 17:50:12.0652 5032 WcsPlugInService - ok 17:50:12.0715 5032 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 17:50:12.0777 5032 Wd - ok 17:50:12.0839 5032 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 17:50:12.0980 5032 
Wdf01000 - ok 17:50:13.0011 5032 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 17:50:13.0151 5032 WdiServiceHost - ok 17:50:13.0167 5032 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll 17:50:13.0245 5032 WdiSystemHost - ok 17:50:13.0307 5032 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 17:50:13.0463 5032 WebClient - ok 17:50:13.0495 5032 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 17:50:13.0666 5032 Wecsvc - ok 17:50:13.0697 5032 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 17:50:13.0853 5032 wercplsupport - ok 17:50:13.0916 5032 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 17:50:14.0119 5032 WerSvc - ok 17:50:14.0181 5032 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 17:50:14.0321 5032 WfpLwf - ok 17:50:14.0353 5032 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 17:50:14.0431 5032 WIMMount - ok 17:50:14.0524 5032 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:50:14.0665 5032 WinDefend - ok 17:50:14.0680 5032 WinHttpAutoProxySvc - ok 17:50:14.0774 5032 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 17:50:14.0945 5032 Winmgmt - ok 17:50:15.0039 5032 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 17:50:15.0335 5032 WinRM - ok 17:50:15.0429 5032 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 17:50:15.0554 5032 WinUsb - ok 17:50:15.0632 5032 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 17:50:15.0819 5032 Wlansvc - ok 17:50:15.0850 5032 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 17:50:15.0928 5032 WmiAcpi - ok 17:50:15.0975 5032 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv 
C:\windows\system32\wbem\WmiApSrv.exe 17:50:16.0084 5032 wmiApSrv - ok 17:50:16.0178 5032 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:50:16.0318 5032 WMPNetworkSvc - ok 17:50:16.0365 5032 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 17:50:16.0505 5032 WPCSvc - ok 17:50:16.0552 5032 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 17:50:16.0693 5032 WPDBusEnum - ok 17:50:16.0755 5032 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 17:50:16.0864 5032 ws2ifsl - ok 17:50:16.0911 5032 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\system32\wscsvc.dll 17:50:17.0020 5032 wscsvc - ok 17:50:17.0036 5032 WSearch - ok 17:50:17.0161 5032 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 17:50:17.0363 5032 wuauserv - ok 17:50:17.0488 5032 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 17:50:17.0597 5032 WudfPf - ok 17:50:17.0644 5032 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 17:50:17.0769 5032 WUDFRd - ok 17:50:17.0831 5032 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 17:50:17.0941 5032 wudfsvc - ok 17:50:17.0987 5032 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\windows\System32\wwansvc.dll 17:50:18.0128 5032 WwanSvc - ok 17:50:18.0175 5032 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys 17:50:18.0284 5032 ZTEusbmdm6k - ok 17:50:18.0315 5032 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys 17:50:18.0393 5032 ZTEusbnmea - ok 17:50:18.0440 5032 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys 17:50:18.0518 5032 ZTEusbser6k - ok 17:50:18.0565 5032 ================ Scan global =============================== 17:50:18.0627 5032 [ 
DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 17:50:18.0705 5032 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll 17:50:18.0799 5032 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll 17:50:18.0845 5032 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll 17:50:18.0923 5032 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 17:50:18.0970 5032 [Global] - ok 17:50:18.0970 5032 ================ Scan MBR ================================== 17:50:18.0986 5032 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0 17:50:19.0189 5032 \Device\Harddisk0\DR0 - ok 17:50:19.0204 5032 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 17:50:19.0438 5032 \Device\Harddisk1\DR1 - ok 17:50:19.0438 5032 ================ Scan VBR ================================== 17:50:19.0454 5032 [ 77D2FEDC0558CA84D4756A83FA4F03C4 ] \Device\Harddisk0\DR0\Partition1 17:50:19.0454 5032 \Device\Harddisk0\DR0\Partition1 - ok 17:50:19.0469 5032 [ FF63257E6E818BAC940707B2EF653093 ] \Device\Harddisk0\DR0\Partition2 17:50:19.0469 5032 \Device\Harddisk0\DR0\Partition2 - ok 17:50:19.0501 5032 [ 119A90565444DCDD943EBBF49404CCA2 ] \Device\Harddisk1\DR1\Partition1 17:50:19.0501 5032 \Device\Harddisk1\DR1\Partition1 - ok 17:50:19.0501 5032 ============================================================ 17:50:19.0501 5032 Scan finished 17:50:19.0501 5032 ============================================================ 17:50:19.0532 5360 Detected object count: 5 17:50:19.0532 5360 Actual detected object count: 5 18:17:56.0976 5360 1394ohci ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:56.0976 5360 1394ohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:56.0976 5360 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:56.0976 5360 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:56.0992 5360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by 
user 18:17:56.0992 5360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:56.0992 5360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:56.0992 5360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:17:56.0992 5360 sffp_sd ( UnsignedFile.Multi.Generic ) - skipped by user 18:17:56.0992 5360 sffp_sd ( UnsignedFile.Multi.Generic ) - User select action: Skip
#10
/// the machine /// TB-Ausbilder
High CPU load, what could be the cause (here)? A Trojan?
Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations
Guides and help
Trojaner-Board Facebook page
No help via PM!
#11
High CPU load, what could be the cause (here)? A Trojan?
Here are the requested files.
AdwCleaner[S1].txt
Code:
ATTFilter # AdwCleaner v2.303 - Datei am 21/06/2013 um 17:28:16 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : eg - GONZO # Bootmodus : Normal # Ausgeführt unter : C:\Users\eg\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Users\eg\AppData\Local\Conduit Ordner Gelöscht : C:\Users\eg\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\eg\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Dexpot\OpenCandy Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\3eyky5nd.foo\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v27.0.1453.110 Datei : C:\Users\eg\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.0.1467.0 Datei : C:\Users\eg\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [2923 octets] - [21/06/2013 17:28:16] ########## EOF - C:\AdwCleaner[S1].txt - [2983 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x86 Ran by eg on 21.06.2013 at 18:02:47,19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{040A2185-BD8C-4711-BC4B-45E44F4A4963} ~~~ Files Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\eg\AppData\Roaming\mozilla\firefox\profiles\13xvkj54.default\prefs.js user_pref("extensions.greasemonkey.scriptvals.madd.in/GC Tour.debug_lastcachesite", "\r\n<!DOCTYPE html>\r\n<html lang=\"en\" class=\"no-js\">\r\n<head id=\"ctl00_Head1\"><met user_pref("extensions.greasemonkey.scriptvals.userscripts.org/GCPersonalisationFix.foundCaches", "{\"GC1CZM8\":{\"WpId\":\"GC1CZM8\"},\"GC3DYR4\":{\"WpId\":\"GC3DYR4\"},\"GC2D user_pref("extensions.greasemonkey.scriptvals.userscripts.org/GCPersonalisationFix.wpIdCache", "{\"221f1d87-8301-49ae-b67a-6c0e3c1b5579\":\"GC1CZM8\",\"97f2ceee-aa7f-418d-9fe8 ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.06.2013 at 18:09:28,77 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013 02 Ran by eg (administrator) on 21-06-2013 18:12:19 Running from C:\Users\eg\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe (Microsoft Corporation) C:\windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Windows\System32\AsusService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\1&1 Surf-Stick\AssistantServices.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUS) C:\Windows\AsScrPro.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe (AsusTek Computer Inc.) 
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe () C:\Program Files\1&1 Surf-Stick\UIExec.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe [3058304 2010-09-02] (ASUS) HKLM\...\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1244592 2010-08-10] (ASUSTeK Computer Inc.) HKLM\...\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [412600 2010-06-09] (ASUSTeK Computer Inc.) HKLM\...\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto [976872 2010-06-12] (AsusTek Computer Inc.) 
HKLM\...\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe [445344 2010-05-29] (ASUS) HKLM\...\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\ASUS\GraphicsSwitch\GPUStatusMonitor.exe /keep [205304 2010-08-19] (AsusTek Computer Inc.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9722472 2010-08-24] (Realtek Semiconductor) HKLM\...\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini" [2234 2009-12-04] () HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-09-02] (ASUSTek Computer Inc.) HKLM\...\Run: [UIExec] "C:\Program Files\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] () HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [380088 2012-07-27] (Citrix Systems, Inc.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-18] (Apple Inc.) HKLM\...\Run: [CompeGPSDev] [x] HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-16] (Avira Operations GmbH & Co. 
KG) HKCU\...\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe [x] HKCU\...\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [90624 2013-04-11] () HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKU\Default\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-08-11] (AsusTek Computer Inc.) HKU\Default\...\RunOnce: [AskScreensaver] AsusSender.exe C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x] HKU\UpdatusUser\...\RunOnce: [Reboot] AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-08-11] (AsusTek Computer Inc.) HKU\UpdatusUser\...\RunOnce: [AskScreensaver] AsusSender.exe C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [x] Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Deutsches Wörterbuch - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: firebug - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: treestyletab - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi FF Extension: No Name - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\eg\AppData\Roaming\Mozilla\Firefox\Profiles\13xvkj54.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: 
(Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (AdBlock) - C:\Users\eg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0 ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-05-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-05-16] (Avira Operations GmbH & Co. KG) R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR) R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () ==================== Drivers (Whitelisted) ==================== S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.) 
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.) R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-16] (Avira Operations GmbH & Co. KG) S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.) R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [684664 2011-02-10] (www.ext2fsd.com) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [23144 2011-08-03] (NVIDIA Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-16] (Avira GmbH) S3 catchme; \??\C:\Users\eg\AppData\Local\Temp\catchme.sys [x] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 15:18 - 2010-11-20 14:40 - 00383786 _RASH C:\bootmgr 2013-06-21 18:09 - 2013-06-21 18:09 - 00001931 ____A C:\Users\eg\Desktop\JRT.txt 2013-06-21 18:02 - 2013-06-21 18:02 - 00000000 ____D C:\Windows\ERUNT 2013-06-21 18:02 - 2013-06-21 18:02 - 00000000 ____D C:\JRT 2013-06-21 17:28 - 2013-06-21 17:29 - 00003052 ____A C:\AdwCleaner[S1].txt 2013-06-21 17:27 - 2013-06-21 17:27 - 01369341 ____A (Farbar) C:\Users\eg\Desktop\FRST.exe 2013-06-21 17:27 - 2013-06-21 17:27 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\eg\Desktop\JRT.exe 2013-06-21 17:26 - 2013-06-21 17:26 - 00648201 ____A C:\Users\eg\Desktop\adwcleaner.exe 2013-06-19 20:29 - 2013-06-19 23:03 - 00000000 ____D C:\NoMBR 2013-06-18 20:58 - 2013-06-18 20:58 - 00167560 ____A C:\Windows\Minidump\061813-18720-01.dmp 2013-06-18 20:23 - 2013-06-18 20:23 - 00167568 ____A C:\Windows\Minidump\061813-33399-01.dmp 2013-06-18 20:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-18 20:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-18 20:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-18 20:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-18 20:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-18 20:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-18 20:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-18 20:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-18 20:03 - 2013-06-18 20:05 - 00000000 ____D C:\Qoobox 2013-06-18 20:01 - 2013-06-19 22:58 - 00000000 ____D C:\Windows\erdnt 2013-06-18 07:24 - 2013-06-18 07:24 - 00000000 ____D C:\FRST 2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith.zip 2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith (1).zip 2013-06-13 20:51 - 2013-06-13 20:51 - 00049108 ____A C:\Users\eg\Downloads\Extras.Txt 2013-06-13 20:47 - 2013-06-13 20:47 - 00098264 ____A C:\Users\eg\Downloads\OTL.Txt 2013-06-13 20:10 - 2013-06-13 20:10 - 00377856 ____A C:\Users\eg\Downloads\gmer_2.1.19163.exe 2013-06-13 19:59 - 2013-06-13 19:59 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL (1).exe 2013-06-13 19:58 - 2013-06-13 19:58 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL.exe 2013-06-12 19:18 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 19:18 - 2013-06-08 13:40 - 14327808 
____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 19:18 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 19:18 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 19:18 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 19:18 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 19:08 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 19:08 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 19:08 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 19:08 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 19:06 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 19:06 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 19:06 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 19:06 - 2013-05-13 05:08 - 00903168 ____A (Microsoft 
Corporation) C:\Windows\System32\certutil.exe
2013-06-12 19:06 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 19:06 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 19:06 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 19:06 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 19:05 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 19:05 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 19:05 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:03 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-06 20:27 - 2013-06-06 20:27 - 00012295 ____A C:\Users\eg\Downloads\hijackthis.log
2013-06-06 20:20 - 2013-06-06 20:20 - 00139200 ____A C:\Windows\Minidump\060613-30747-01.dmp
2013-06-06 19:42 - 2013-06-06 19:42 - 00388608 ____A (Trend Micro Inc.) C:\Users\eg\Downloads\HijackThis.exe
2013-06-06 07:45 - 2013-06-21 18:14 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-03 20:13 - 2013-06-03 20:49 - 00000000 ____D C:\Users\eg\AppData\Local\.elfohilfe
2013-06-03 19:34 - 2013-06-03 19:34 - 00000097 ___AH C:\Users\eg\Desktop\.~lock.Stundendatei_2012_Egge.xlsx#
2013-06-03 19:33 - 2013-06-03 19:33 - 00099515 ____A C:\Users\eg\Desktop\Stundendatei_2012_Egge.xlsx
2013-05-30 21:26 - 2013-05-30 21:26 - 00535305 ____A C:\Users\eg\Downloads\CalDavZAP_0.8.1.1.zip
2013-05-26 16:02 - 2013-05-26 16:02 - 00100703 ____A C:\Users\eg\Downloads\roundcube.sql.zip
2013-05-25 11:51 - 2013-05-25 11:52 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2030-01-01 15:18 - 2009-07-14 06:57 - 00029696 __ASH C:\Windows\System32\config\BCD-Template.LOG
2030-01-01 15:18 - 2009-07-14 06:52 - 00032768 ____A C:\Windows\System32\config\BCD-Template
2019-10-03 20:14 - 2011-02-18 17:19 - 00000000 ____D C:\Users\eg\AppData\Roaming\Adobe
2019-10-03 20:14 - 2011-02-18 17:19 - 00000000 ____D C:\Users\eg\AppData\Local\Adobe
2019-10-03 20:11 - 2011-09-06 09:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2019-10-03 20:11 - 2010-09-02 20:13 - 00000000 ____D C:\ProgramData\Adobe
2019-10-03 20:09 - 2010-09-02 20:16 - 00000000 ____D C:\Program Files\Adobe
2013-06-21 18:14 - 2013-06-06 07:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-21 18:12 - 2009-07-14 04:37 - 00000000 __RHD C:\users\Default
2013-06-21 18:09 - 2013-06-21 18:09 - 00001931 ____A C:\Users\eg\Desktop\JRT.txt
2013-06-21 18:07 - 2009-07-14 06:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-21 18:07 - 2009-07-14 06:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 18:05 - 2009-07-26 23:56 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-21 18:02 - 2013-06-21 18:02 - 00000000 ____D C:\Windows\ERUNT
2013-06-21 18:02 - 2013-06-21 18:02 - 00000000 ____D C:\JRT
2013-06-21 18:00 - 2011-06-17 18:56 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-21 17:59 - 2012-05-25 19:19 - 00017231 ____A C:\Windows\setupact.log
2013-06-21 17:59 - 2010-09-03 02:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-21 17:59 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 17:58 - 2011-02-19 07:58 - 01515393 ____A C:\Windows\WindowsUpdate.log
2013-06-21 17:53 - 2011-06-17 18:56 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-21 17:30 - 2013-04-22 21:14 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-21 17:29 - 2013-06-21 17:28 - 00003052 ____A C:\AdwCleaner[S1].txt
2013-06-21 17:27 - 2013-06-21 17:27 - 01369341 ____A (Farbar) C:\Users\eg\Desktop\FRST.exe
2013-06-21 17:27 - 2013-06-21 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\eg\Desktop\JRT.exe
2013-06-21 17:26 - 2013-06-21 17:26 - 00648201 ____A C:\Users\eg\Desktop\adwcleaner.exe
2013-06-20 17:26 - 2011-03-18 10:49 - 00000000 ____D C:\Users\eg\AppData\Local\TSVNCache
2013-06-20 07:38 - 2011-02-20 15:25 - 00000000 ____D C:\ProgramData\CompeGPS
2013-06-20 06:40 - 2010-09-03 02:54 - 00591424 ____A C:\Windows\PFRO.log
2013-06-19 23:03 - 2013-06-19 20:29 - 00000000 ____D C:\NoMBR
2013-06-19 22:58 - 2013-06-18 20:01 - 00000000 ____D C:\Windows\erdnt
2013-06-19 22:56 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-18 20:58 - 2013-06-18 20:58 - 00167560 ____A C:\Windows\Minidump\061813-18720-01.dmp
2013-06-18 20:58 - 2012-10-18 20:29 - 00000000 ____D C:\Windows\Minidump
2013-06-18 20:58 - 2012-10-18 20:28 - 283460970 ____A C:\Windows\MEMORY.DMP
2013-06-18 20:28 - 2011-02-18 17:19 - 00000000 ____D C:\users\eg
2013-06-18 20:23 - 2013-06-18 20:23 - 00167568 ____A C:\Windows\Minidump\061813-33399-01.dmp
2013-06-18 20:05 - 2013-06-18 20:03 - 00000000 ____D C:\Qoobox
2013-06-18 07:24 - 2013-06-18 07:24 - 00000000 ____D C:\FRST
2013-06-18 07:21 - 2011-02-20 13:22 - 00000000 ____D C:\Users\eg\AppData\Roaming\.purple
2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith.zip
2013-06-14 20:56 - 2013-06-14 20:56 - 00624543 ____A C:\Users\eg\Downloads\5215584_Ith (1).zip
2013-06-13 20:51 - 2013-06-13 20:51 - 00049108 ____A C:\Users\eg\Downloads\Extras.Txt
2013-06-13 20:47 - 2013-06-13 20:47 - 00098264 ____A C:\Users\eg\Downloads\OTL.Txt
2013-06-13 20:10 - 2013-06-13 20:10 - 00377856 ____A C:\Users\eg\Downloads\gmer_2.1.19163.exe
2013-06-13 19:59 - 2013-06-13 19:59 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL (1).exe
2013-06-13 19:58 - 2013-06-13 19:58 - 00602112 ____A (OldTimer Tools) C:\Users\eg\Downloads\OTL.exe
2013-06-13 19:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 19:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 07:33 - 2012-09-30 20:44 - 00000000 ____D C:\Users\eg\AppData\Roaming\Dropbox
2013-06-13 07:28 - 2012-09-30 20:51 - 00000000 ___RD C:\Users\eg\Dropbox
2013-06-13 06:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 19:14 - 2012-07-03 20:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 19:14 - 2012-07-03 20:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-12 19:10 - 2011-02-19 16:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 07:30 - 2011-09-04 15:25 - 00000000 ____D C:\Users\eg\AppData\Roaming\FileZilla
2013-06-08 13:42 - 2013-06-12 19:18 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-12 19:18 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-12 19:18 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-06 20:27 - 2013-06-06 20:27 - 00012295 ____A C:\Users\eg\Downloads\hijackthis.log
2013-06-06 20:20 - 2013-06-06 20:20 - 00139200 ____A C:\Windows\Minidump\060613-30747-01.dmp
2013-06-06 19:42 - 2013-06-06 19:42 - 00388608 ____A (Trend Micro Inc.) C:\Users\eg\Downloads\HijackThis.exe
2013-06-06 18:54 - 2012-01-28 10:21 - 00007598 ____A C:\Users\eg\AppData\Local\Resmon.ResmonCfg
2013-06-06 07:46 - 2012-06-26 21:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-06 07:45 - 2011-12-12 15:00 - 00000000 ____D C:\Program Files\BatteryBar
2013-06-03 20:49 - 2013-06-03 20:13 - 00000000 ____D C:\Users\eg\AppData\Local\.elfohilfe
2013-06-03 19:47 - 2011-03-12 10:43 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-06-03 19:34 - 2013-06-03 19:34 - 00000097 ___AH C:\Users\eg\Desktop\.~lock.Stundendatei_2012_Egge.xlsx#
2013-06-03 19:33 - 2013-06-03 19:33 - 00099515 ____A C:\Users\eg\Desktop\Stundendatei_2012_Egge.xlsx
2013-06-02 18:41 - 2013-04-07 09:52 - 00000000 ____D C:\Program Files\ElsterFormular
2013-05-30 21:26 - 2013-05-30 21:26 - 00535305 ____A C:\Users\eg\Downloads\CalDavZAP_0.8.1.1.zip
2013-05-26 16:02 - 2013-05-26 16:02 - 00100703 ____A C:\Users\eg\Downloads\roundcube.sql.zip
2013-05-26 12:23 - 2011-09-02 09:20 - 00000297 ____A C:\Users\eg\AppData\Roaming\rftg
2013-05-25 11:52 - 2013-05-25 11:51 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 00:43

==================== End Of Log ============================
#12
/// the machine /// TB-Ausbilder

Great. ESET Online Scanner
Please download
and a fresh FRST log. Still any problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!