|
Log-Analyse und Auswertung: TR/Spy.ZBot.mhlv.2 bei AVIRA gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.06.2013, 09:31 | #1 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Hallo, Avira hat auf meinem Rechner folgenden Trojaner gefunden: 'TR/Spy.ZBot.mhlv.2' in der Datei C:\Users\XXX\AppData\Local\Temp\tmp143c9259\gw01.exe. Der zugriff wurde durch Avira verweigert, der Trojaner taucht immer wieder auf. Was soll ich tun? |
18.06.2013, 10:34 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
18.06.2013, 14:32 | #3 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Hier die kompletten Logs von Avira und Malewarebytes...
__________________Vieln Dank schonmal für deine schnelle Antwort Avira: 18.06.2013 10:01 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde abgebrochen!]. Anzahl Dateien: 0 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0 18.06.2013 09:50 [Planer] Auftrag gestartet Auftrag "Vollständige Systemprüfung" wurde erfolgreich gestartet. 18.06.2013 09:45 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert: vbase031.vdf 7.11.85.28 aevdf.dat 7.11.85.28 18.06.2013 09:44 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.60 VDF Version: 7.11.85.28 18.06.2013 09:43 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 18.06.2013 09:42 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 935 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0 18.06.2013 09:39 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp143c9259\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 18.06.2013 09:39 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.85.14 18.06.2013 09:39 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.85.14 18.06.2013 09:38 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 17.06.2013 12:45 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 17.06.2013 12:45 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 17.06.2013 11:38 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert: vbase031.vdf 7.11.85.14 aevdf.dat 7.11.85.14 17.06.2013 11:38 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.60 VDF Version: 7.11.85.14 17.06.2013 11:37 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp54f15984\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 17.06.2013 11:37 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 16.06.2013 19:54 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp024ec518\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 19:54 [Updater] Update nicht ausgeführt Das Update von Computer LUKAS-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen. 16.06.2013 19:54 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 16.06.2013 19:49 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.84.240 16.06.2013 19:49 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.84.240 16.06.2013 19:49 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 16.06.2013 13:08 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 13:08 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 12:18 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.84.240 16.06.2013 12:18 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.84.240 16.06.2013 12:18 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 16.06.2013 12:17 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 12:17 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 12:13 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert: vbase024.vdf 7.11.84.233 vbase025.vdf 7.11.84.234 vbase026.vdf 7.11.84.235 vbase027.vdf 7.11.84.236 vbase028.vdf 7.11.84.237 vbase029.vdf 7.11.84.238 vbase030.vdf 7.11.84.239 vbase031.vdf 7.11.84.240 aevdf.dat 7.11.84.240 16.06.2013 12:13 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.60 VDF Version: 7.11.84.240 16.06.2013 12:12 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 16.06.2013 00:22 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 455132 Anzahl Verzeichnisse: 32354 Anzahl Malware: 0 Anzahl Warnungen: 0 15.06.2013 22:31 [Planer] Auftrag gestartet Auftrag "Vollständige Systemprüfung" wurde erfolgreich gestartet. 15.06.2013 21:45 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 828 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0 15.06.2013 21:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp23e20196\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 15.06.2013 21:43 [Updater] Update erfolgreich durchgeführt Update auf Computer LUKAS-PC (192.168.2.102) von "hxxp://80.190.148.75/update" wurde erfolgreich durchgeführt. Es sind keine neuen Engine/VDF Dateien verfügbar. 15.06.2013 21:43 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 15.06.2013 16:12 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.84.224 15.06.2013 16:12 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.84.224 15.06.2013 16:11 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 15.06.2013 16:09 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 16:09 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 15:49 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp176aa533\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Spy.ZBot.mhlv.2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 15.06.2013 15:45 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.84.224 15.06.2013 15:45 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert: vbase023.vdf 7.11.84.163 vbase024.vdf 7.11.84.164 vbase025.vdf 7.11.84.165 vbase026.vdf 7.11.84.166 vbase027.vdf 7.11.84.167 vbase028.vdf 7.11.84.168 vbase029.vdf 7.11.84.169 vbase030.vdf 7.11.84.170 vbase031.vdf 7.11.84.224 aevdf.dat 7.11.84.224 aeheur.dll 8.1.4.412 aerdl.dll 8.2.0.128 aescript.dll 8.1.4.122 aevdf.dll 8.1.3.4 aeset.dat 8.2.12.60 avreg.yml 13.6.0.1762 15.06.2013 15:45 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.84.224 15.06.2013 15:44 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 15:43 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 13.06.2013 14:00 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 12.06.2013 23:51 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert: vbase031.vdf 7.11.84.102 aevdf.dat 7.11.84.102 12.06.2013 23:51 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.58 VDF Version: 7.11.84.102 12.06.2013 23:50 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 12.06.2013 22:15 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.58 VDF Version: 7.11.84.94 12.06.2013 22:15 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.58 VDF Version: 7.11.84.94 12.06.2013 22:15 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 12.06.2013 22:14 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 12.06.2013 22:14 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 12.06.2013 17:56 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.58 VDF Version: 7.11.84.94 12.06.2013 17:56 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.58 VDF Version: 7.11.84.94 12.06.2013 17:55 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 12.06.2013 17:54 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 12.06.2013 17:54 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 12.06.2013 17:51 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert: vbase022.vdf 7.11.84.59 vbase023.vdf 7.11.84.60 vbase024.vdf 7.11.84.61 vbase025.vdf 7.11.84.62 vbase026.vdf 7.11.84.63 vbase027.vdf 7.11.84.64 vbase028.vdf 7.11.84.65 vbase029.vdf 7.11.84.66 vbase030.vdf 7.11.84.67 vbase031.vdf 7.11.84.94 aevdf.dat 7.11.84.94 12.06.2013 17:51 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.58 VDF Version: 7.11.84.94 12.06.2013 17:50 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 12.06.2013 17:44 [Updater] Update nicht ausgeführt Das Update von Computer LUKAS-PC (192.168.2.102) von "hxxp://89.105.213.17/update" ist fehlgeschlagen. Das Engine/VDF Set konnte nicht validiert werden. Es wurden keine neuen Dateien geladen. 12.06.2013 11:50 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 11.06.2013 23:41 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.17/update" aktualisiert: vbase031.vdf 7.11.84.40 aevdf.dat 7.11.84.40 11.06.2013 23:41 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.58 VDF Version: 7.11.84.40 11.06.2013 23:40 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 11.06.2013 21:48 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.58 VDF Version: 7.11.84.28 11.06.2013 21:48 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.58 VDF Version: 7.11.84.28 11.06.2013 21:48 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 11.06.2013 18:03 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 11.06.2013 18:03 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 11.06.2013 17:47 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.58 VDF Version: 7.11.84.28 11.06.2013 17:47 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.58 VDF Version: 7.11.84.28 11.06.2013 17:46 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 11.06.2013 17:45 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 11.06.2013 17:45 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 11.06.2013 17:44 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 4234 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0 11.06.2013 17:42 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert: vbase021.vdf 7.11.83.210 vbase022.vdf 7.11.83.211 vbase023.vdf 7.11.83.212 vbase024.vdf 7.11.83.213 vbase025.vdf 7.11.83.214 vbase026.vdf 7.11.83.215 vbase027.vdf 7.11.83.216 vbase028.vdf 7.11.83.217 vbase029.vdf 7.11.83.218 vbase030.vdf 7.11.83.219 vbase031.vdf 7.11.84.28 aevdf.dat 7.11.84.28 aepack.dll 8.3.2.16 aeset.dat 8.2.12.58 11.06.2013 17:42 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.58 VDF Version: 7.11.84.28 11.06.2013 17:40 [Planer] Auftrag gestartet Auftrag "Schnelle Systemprüfung" wurde erfolgreich gestartet. 11.06.2013 17:40 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 09.06.2013 06:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmpf92f1b26\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'WORM/Luder.blat' [worm] gefunden. Ausgeführte Aktion: Zugriff verweigern 09.06.2013 06:50 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 08.06.2013 16:41 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 450999 Anzahl Verzeichnisse: 32140 Anzahl Malware: 0 Anzahl Warnungen: 0 08.06.2013 14:52 [Planer] Auftrag gestartet Auftrag "Vollständige Systemprüfung" wurde erfolgreich gestartet. 08.06.2013 13:20 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert: vbase020.vdf 7.11.83.121 vbase021.vdf 7.11.83.135 vbase022.vdf 7.11.83.136 vbase023.vdf 7.11.83.137 vbase024.vdf 7.11.83.138 vbase025.vdf 7.11.83.139 vbase026.vdf 7.11.83.140 vbase027.vdf 7.11.83.141 vbase028.vdf 7.11.83.142 vbase029.vdf 7.11.83.143 vbase030.vdf 7.11.83.144 vbase031.vdf 7.11.83.160 aevdf.dat 7.11.83.160 08.06.2013 13:20 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.56 VDF Version: 7.11.83.160 08.06.2013 13:19 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 08.06.2013 13:14 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.56 VDF Version: 7.11.83.78 08.06.2013 13:14 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.56 VDF Version: 7.11.83.78 08.06.2013 13:14 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 08.06.2013 01:23 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 08.06.2013 01:23 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 08.06.2013 00:48 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 08.06.2013 00:48 [Updater] Update nicht ausgeführt Das Update von Computer LUKAS-PC (192.168.2.102) von "hxxp://80.190.148.74/update" ist fehlgeschlagen. Das Engine/VDF Set konnte nicht validiert werden. Es wurden keine neuen Dateien geladen. 07.06.2013 10:11 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Lukas\AppData\Local\Temp\tmp7b9f056c\gw01.exe' wurde ein Virus oder unerwünschtes Programm 'WORM/Luder.bjmz.1' [worm] gefunden. Ausgeführte Aktion: Zugriff verweigern 07.06.2013 10:10 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 06.06.2013 18:59 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.74/update" aktualisiert: vbase019.vdf 7.11.83.27 vbase020.vdf 7.11.83.28 vbase021.vdf 7.11.83.29 vbase022.vdf 7.11.83.30 vbase023.vdf 7.11.83.31 vbase024.vdf 7.11.83.32 vbase025.vdf 7.11.83.33 vbase026.vdf 7.11.83.34 vbase027.vdf 7.11.83.35 vbase028.vdf 7.11.83.36 vbase029.vdf 7.11.83.37 vbase030.vdf 7.11.83.38 vbase031.vdf 7.11.83.78 aevdf.dat 7.11.83.78 aeheur.dll 8.1.4.402 aescript.dll 8.1.4.120 aeset.dat 8.2.12.56 06.06.2013 18:59 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.56 VDF Version: 7.11.83.78 06.06.2013 18:57 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 06.06.2013 18:52 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 06.06.2013 18:52 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 06.06.2013 18:52 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 06.06.2013 18:51 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 06.06.2013 18:51 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 06.06.2013 18:49 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 06.06.2013 18:49 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 06.06.2013 18:49 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 05.06.2013 17:54 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 05.06.2013 17:54 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 05.06.2013 17:35 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 05.06.2013 17:35 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 05.06.2013 17:35 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 05.06.2013 17:34 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 05.06.2013 17:34 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 05.06.2013 17:33 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert: vbase031.vdf 7.11.83.0 aevdf.dat 7.11.83.0 avreg.yml 13.6.0.1320 05.06.2013 17:33 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 05.06.2013 17:33 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.54 VDF Version: 7.11.83.0 05.06.2013 17:33 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 05.06.2013 17:32 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 05.06.2013 17:27 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.54 VDF Version: 7.11.82.220 05.06.2013 17:27 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.54 VDF Version: 7.11.82.220 05.06.2013 17:27 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 04.06.2013 19:02 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 04.06.2013 19:02 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 04.06.2013 18:24 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://80.190.148.75/update" aktualisiert: vbase018.vdf 7.11.82.169 vbase019.vdf 7.11.82.170 vbase020.vdf 7.11.82.171 vbase021.vdf 7.11.82.172 vbase022.vdf 7.11.82.173 vbase023.vdf 7.11.82.174 vbase024.vdf 7.11.82.175 vbase025.vdf 7.11.82.176 vbase026.vdf 7.11.82.177 vbase027.vdf 7.11.82.178 vbase028.vdf 7.11.82.179 vbase029.vdf 7.11.82.180 vbase030.vdf 7.11.82.181 vbase031.vdf 7.11.82.220 aevdf.dat 7.11.82.220 aehelp.dll 8.1.27.2 aeheur.dll 8.1.4.396 aepack.dll 8.3.2.14 aerdl.dll 8.2.0.118 aevdf.dll 8.1.3.2 aeexp.dll 8.4.0.34 aeset.dat 8.2.12.54 04.06.2013 18:24 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.54 VDF Version: 7.11.82.220 04.06.2013 18:22 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 04.06.2013 18:18 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.50 VDF Version: 7.11.82.146 04.06.2013 18:18 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.50 VDF Version: 7.11.82.146 04.06.2013 18:17 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 03.06.2013 23:29 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 03.06.2013 23:29 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 03.06.2013 23:13 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.50 VDF Version: 7.11.82.146 03.06.2013 23:13 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.50 VDF Version: 7.11.82.146 03.06.2013 23:13 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 03.06.2013 18:52 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 03.06.2013 18:52 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 03.06.2013 18:25 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 4075 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0 03.06.2013 18:24 [Updater] Update erfolgreich durchgeführt Update von Avira Free Antivirus auf Computer LUKAS-PC (192.168.2.102) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.18/update" aktualisiert: vbase002.vdf 7.11.80.60 vbase003.vdf 7.11.80.61 vbase004.vdf 7.11.80.62 vbase005.vdf 7.11.80.63 vbase006.vdf 7.11.80.64 vbase007.vdf 7.11.80.65 vbase008.vdf 7.11.80.66 vbase009.vdf 7.11.80.67 vbase010.vdf 7.11.80.68 vbase011.vdf 7.11.80.69 vbase012.vdf 7.11.80.70 vbase013.vdf 7.11.80.71 vbase014.vdf 7.11.81.57 vbase015.vdf 7.11.81.137 vbase016.vdf 7.11.81.255 vbase017.vdf 7.11.82.91 vbase018.vdf 7.11.82.92 vbase019.vdf 7.11.82.93 vbase020.vdf 7.11.82.94 vbase021.vdf 7.11.82.95 vbase022.vdf 7.11.82.96 vbase023.vdf 7.11.82.97 vbase024.vdf 7.11.82.98 vbase025.vdf 7.11.82.99 vbase026.vdf 7.11.82.100 vbase027.vdf 7.11.82.101 vbase028.vdf 7.11.82.102 vbase029.vdf 7.11.82.103 vbase030.vdf 7.11.82.104 vbase031.vdf 7.11.82.146 aevdf.dat 7.11.82.146 antivir0.rdf 10.0.1.36 aeheur.dll 8.1.4.386 aescript.dll 8.1.4.118 aeexp.dll 8.4.0.32 aeset.dat 8.2.12.50 03.06.2013 18:24 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.50 VDF Version: 7.11.82.146 03.06.2013 18:22 [Planer] Auftrag gestartet Auftrag "Schnelle Systemprüfung" wurde erfolgreich gestartet. 03.06.2013 18:22 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 03.06.2013 18:17 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.44 VDF Version: 7.11.79.56 03.06.2013 18:17 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.44 VDF Version: 7.11.79.56 03.06.2013 18:17 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.18.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Lukas :: LUKAS-PC [Administrator] Schutz: Aktiviert 18.06.2013 10:04:54 MBAM-log-2013-06-18 (15-30-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 381076 Laufzeit: 1 Stunde(n), 44 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yxguodvuud (Trojan.Agent.ACR) -> Daten: C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe (Trojan.Agent.ACR) -> Keine Aktion durchgeführt. |
18.06.2013, 14:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Die Logs bitte in CODE-Tags posten Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2013, 15:23 | #5 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefundenCode:
ATTFilter OTL logfile created on: 18.06.2013 15:49:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 38,77% Memory free 3,46 Gb Paging File | 1,95 Gb Available in Paging File | 56,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,99 Gb Total Space | 161,20 Gb Free Space | 56,96% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\SearchScopes\{3C7CDAAC-AAAE-4083-B218-43B488DCDEC0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=7435E816-75F4-4DF3-A8AF-F23530A5A749&apn_sauid=2862A24A-2F65-4B5E-97A8-1972E7913928 IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.12 14:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\r7i8jz36.default\extensions [2013.05.12 14:54:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.18 16:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.18 16:24:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1" File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001..\Run: [Yxguodvuud] C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF56CDC8-8111-4A1A-8FD2-5943080DB6B7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 10:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe [2013.06.18 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes [2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.18 10:02:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.18 10:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.18 10:01:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs [2013.06.17 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Tribes - Wish to Scream (2013) [2013.06.16 12:14:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.16 12:14:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.15 22:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2013.06.15 15:48:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.15 15:48:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.15 15:48:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.15 15:48:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.15 15:48:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.15 15:48:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.15 15:48:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.15 15:48:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.15 15:48:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.15 15:48:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.15 15:48:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.15 15:48:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.15 15:48:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 18:08:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 18:08:23 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 18:08:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 18:08:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 18:08:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 18:08:06 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 18:08:06 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 18:08:06 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 18:08:05 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 18:08:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 18:08:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 18:07:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 18:07:39 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.04 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.06.18 15:48:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.18 15:42:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 15:42:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 15:35:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.18 15:35:09 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys [2013.06.18 10:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe [2013.06.18 10:41:41 | 000,050,477 | ---- | M] () -- C:\Users\Lukas\Desktop\Defogger.exe [2013.06.18 10:02:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.12 17:48:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 17:48:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2013.06.18 10:41:37 | 000,050,477 | ---- | C] () -- C:\Users\Lukas\Desktop\Defogger.exe [2013.06.18 10:02:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 20:34:56 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll [2010.12.02 10:24:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.06.2013 15:49:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 38,77% Memory free 3,46 Gb Paging File | 1,95 Gb Available in Paging File | 56,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,99 Gb Total Space | 161,20 Gb Free Space | 56,96% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0027BA6E-5A23-459D-9D6E-B5D3DC2B59DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{4A0A50F1-CAD8-42CE-8762-4CB93FA6A242}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{605739C7-191B-47C1-80D2-FBECD8F60EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{77DFF8B0-A25A-415C-A2EC-42225C0ED7C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8603BC6D-77F0-494C-9815-5FDC89FF3440}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9F38957F-8F95-4B72-BE66-3987244A23F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A6F13346-E25A-4217-97A2-3B0257C7E5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7893A2D-EB71-4952-BDAC-09F2F01845B1}" = rport=10243 | protocol=6 | dir=out | app=system | "{D36DB4E5-EE14-4046-8641-40A2F3E681E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D617FFA6-48BC-479B-8FD9-0DA61EA3A442}" = lport=10243 | protocol=6 | dir=in | app=system | "{F74EC312-656A-4529-9580-D88F44B01FAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C56DC9-0B22-46F9-BA02-20AFD48CC6F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{08FE0D3D-5E72-4288-ACBF-18330A2AF700}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C2CA729-EA87-4911-A54D-E9D9B5A853CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{21E5A09C-4702-45CC-8C4E-56DADD986025}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | "{23AD006F-B671-45AA-925B-4B099CC7E7C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2DBF95C5-BD37-453B-A835-1AB9D4F0CAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{422D80A2-C2DF-4FA5-BBE6-7AEF77D750A4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{4A2EDF64-303D-40F5-B3D6-9F6771E86B6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{4DFB5CEA-0BF7-4D90-9A81-1BFF3EBC05B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53D1FA55-188A-4008-BF8B-3C337C0FABD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54BA2223-C664-4D9D-B170-69E8182108E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{61D6A021-DA25-48A7-8144-026B53C1A05B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{63691C27-6AB9-4C32-A845-0B5BFDEDB726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{80714254-5761-48C1-9769-9688CE6FDC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{83AA4C8E-83FF-447A-BA13-5E400C5DF97B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{854638FD-5A53-43CC-AF7D-D781DD13D0C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8B61E41B-ADFA-4DCE-BB81-D558D4B81C05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8C2AD52A-5B84-45F5-B7EF-D0912F095A18}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9673B0BE-4924-4AC8-9BD0-B4340ABA5DE5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{9E77838A-335C-4A4F-9BC2-41EA5BB392D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A2247939-EB26-4EE2-BF18-1F1B2C64EBC1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A383EA9B-8DAD-46DE-8C1C-E3268E08375C}" = protocol=6 | dir=out | app=system | "{A58417B0-6151-46C8-89AC-1EB8320EDF6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9960DFF-8481-43BE-8554-BBDAA374339A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{AF8C9E41-7FD6-4F35-931F-EF9A2768053E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C105B4E3-EEA6-4179-AE21-C9A4D4DCC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C1E7EC0E-8B81-4186-AF31-CEC958E4B2A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA9C8C06-1420-4253-B956-6B028D6DB385}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D9A0E4DC-5A5F-497F-854F-F363A1803A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DBC54CD8-B12E-43AC-9C9F-A88DCBC294BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F01FDF67-A4F5-4AEB-971A-7EEE604F1D4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F87825F7-B848-4D13-AB84-0D9B7B6B99B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F90AC0C9-BBBE-434F-990F-7EE32AF238F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{6B870DA3-4138-400E-99FF-D9BAF1F5D62B}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | "UDP Query User{76155ABD-C9A3-4099-A92F-74232E61C9A3}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64 "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARDR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARDR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.STANDARDR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-1000-0000000FF1CE}_Office14.STANDARDR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARDR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0043-0409-1000-0000000FF1CE}_Office14.STANDARDR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010 "{91140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARDR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.STANDARDR" = Microsoft Office Standard 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All "{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy "{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek "{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai "{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese "{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard "{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian "{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian "{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French "{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish "{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish "{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Free Antivirus "Fliqlo" = Fliqlo Bildschirmschoner "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "Simfy" = simfy "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.05.2013 01:01:49 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16083 Error - 13.05.2013 01:01:49 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16083 Error - 15.05.2013 03:55:34 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.05.2013 03:55:34 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16411 Error - 15.05.2013 03:55:34 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16411 Error - 15.05.2013 14:41:18 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0032ffd0 ID des fehlerhaften Prozesses: 0xccc Startzeit der fehlerhaften Anwendung: 0x01ce519bc6dd18e8 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 077513de-bd8f-11e2-95b1-1c7508ac783a Error - 16.05.2013 09:07:37 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: yvmea.exe, Version: 10.2.4.16, Zeitstempel: 0x506efb7c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x005dff60 ID des fehlerhaften Prozesses: 0xa28 Startzeit der fehlerhaften Anwendung: 0x01ce520d31e8bda7 Pfad der fehlerhaften Anwendung: C:\Users\Lukas\AppData\Roaming\Peyt\yvmea.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 941133c3-be29-11e2-97cb-1c7508ac783a Error - 16.05.2013 09:07:37 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PmmUpdate.exe, Version: 1.1.36.0, Zeitstempel: 0x4c932097 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0xaa8 Startzeit der fehlerhaften Anwendung: 0x01ce520d32b3129e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 944f178a-be29-11e2-97cb-1c7508ac783a Error - 16.05.2013 09:07:38 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.05.2013 09:07:38 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8699396 Error - 16.05.2013 09:07:38 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8699396 [ System Events ] Error - 17.05.2013 11:17:00 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD External Events Utility erreicht. Error - 17.05.2013 11:17:00 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.05.2013 11:25:59 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD External Events Utility erreicht. Error - 17.05.2013 11:25:59 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 18.05.2013 13:00:50 | Computer Name = Lukas-PC | Source = WMPNetworkSvc | ID = 866333 Description = Error - 08.06.2013 09:15:21 | Computer Name = Lukas-PC | Source = volsnap | ID = 393224 Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten. Error - 11.06.2013 11:40:16 | Computer Name = Lukas-PC | Source = DCOM | ID = 10010 Description = Error - 12.06.2013 11:44:35 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12.06.2013 16:13:55 | Computer Name = Lukas-PC | Source = DCOM | ID = 10010 Description = Error - 15.06.2013 09:44:22 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. < End of report > |
18.06.2013, 23:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden |
19.06.2013, 17:59 | #7 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Combofix: Code:
ATTFilter ComboFix 13-06-18.02 - Lukas 19.06.2013 18:32:58.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1771.821 [GMT 2:00] ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0544F847-3CC6-4A5D-84D2-9ABD5BF01DE6}.xps . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-19 bis 2013-06-19 )))))))))))))))))))))))))))))) . . 2013-06-19 16:43 . 2013-06-19 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-18 08:02 . 2013-06-18 08:02 -------- d-----w- c:\users\Lukas\AppData\Roaming\Malwarebytes 2013-06-18 08:02 . 2013-06-18 08:02 -------- d-----w- c:\programdata\Malwarebytes 2013-06-18 08:02 . 2013-06-18 08:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-18 08:02 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-18 08:01 . 2013-06-18 08:01 -------- d-----w- c:\users\Lukas\AppData\Local\Programs 2013-06-15 20:31 . 2013-06-15 20:31 -------- d-----w- c:\windows\Profiles 2013-06-12 16:08 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 16:07 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 16:07 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-04 16:20 . 2013-06-07 22:51 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-15 13:49 . 2011-06-02 18:34 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-12 15:48 . 2012-09-01 12:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 15:48 . 2011-05-31 21:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-14 12:25 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-07 21:12 . 2013-05-07 21:13 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-04-13 05:49 . 2013-05-16 08:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 08:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 08:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 08:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 08:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 08:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-25 17:01 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-16 08:24 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-16 08:24 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-16 08:23 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-06 12:50 . 2012-10-31 09:46 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-06 12:50 . 2011-06-27 10:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-04 03:35 . 2013-05-09 15:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-01 12:19 . 2013-04-01 12:20 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-04-01 12:19 . 2013-04-01 12:20 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-04-01 12:19 . 2013-04-01 12:20 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-04-01 06:03 . 2013-05-16 08:23 78680 ----a-w- c:\windows\system32\mcupdate_AuthenticAMD.dll 2013-03-29 02:04 . 2013-03-29 02:04 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-29 02:04 . 2013-03-29 02:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-29 02:04 . 2013-03-29 02:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-29 02:04 . 2013-03-29 02:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-29 02:04 . 2013-03-29 02:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-29 02:04 . 2013-03-29 02:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-29 02:04 . 2013-03-29 02:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-29 02:04 . 2013-03-29 02:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-29 02:04 . 2013-03-29 02:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-29 02:04 . 2013-03-29 02:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-29 02:04 . 2013-03-29 02:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-29 02:04 . 2013-03-29 02:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-29 02:04 . 2013-03-29 02:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-29 02:04 . 2013-03-29 02:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-29 02:04 . 2013-03-29 02:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-29 02:04 . 2013-03-29 02:04 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-29 02:04 . 2013-03-29 02:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-29 02:04 . 2013-03-29 02:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-29 02:04 . 2013-03-29 02:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-29 02:04 . 2013-03-29 02:04 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-29 02:04 . 2013-03-29 02:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-29 02:04 . 2013-03-29 02:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-29 02:04 . 2013-03-29 02:04 441856 ----a-w- c:\windows\system32\html.iec 2013-03-29 02:04 . 2013-03-29 02:04 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-29 02:04 . 2013-03-29 02:04 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 02:04 . 2013-03-29 02:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-29 02:04 . 2013-03-29 02:04 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-29 02:04 . 2013-03-29 02:04 235008 ----a-w- c:\windows\system32\url.dll 2013-03-29 02:04 . 2013-03-29 02:04 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 02:04 . 2013-03-29 02:04 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-29 02:04 . 2013-03-29 02:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-29 02:04 . 2013-03-29 02:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-29 02:04 . 2013-03-29 02:04 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-29 02:04 . 2013-03-29 02:04 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-29 02:04 . 2013-03-29 02:04 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-29 02:04 . 2013-03-29 02:04 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 02:04 . 2013-03-29 02:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-29 02:04 . 2013-03-29 02:04 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 02:04 . 2013-03-29 02:04 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-29 02:04 . 2013-03-29 02:04 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 02:04 . 2013-03-29 02:04 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 02:04 . 2013-03-29 02:04 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-29 02:04 . 2013-03-29 02:04 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-29 02:04 . 2013-03-29 02:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 02:04 . 2013-03-29 02:04 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 02:04 . 2013-03-29 02:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-29 02:04 . 2013-03-29 02:04 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 02:04 . 2013-03-29 02:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-29 02:04 . 2013-03-29 02:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-31 1029200] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 15:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://acer.msn.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\r7i8jz36.default\ FF - ExtSQL: 2013-05-12 14:54; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\r7i8jz36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Yxguodvuud - c:\users\Lukas\AppData\Roaming\Peyt\yvmea.exe Wow6432Node-HKLM-Run-MDS_Menu - c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-19 18:48:49 ComboFix-quarantined-files.txt 2013-06-19 16:48 . Vor Suchlauf: 9 Verzeichnis(se), 173.411.282.944 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 173.834.547.200 Bytes frei . - - End Of File - - 8562C84E0F5B8556057A9D4A20133D98 A36C5E4F47E84449FF07ED3517B43A31 |
19.06.2013, 18:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Rootkitscan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
19.06.2013, 20:05 | #9 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden mbar hatt nichts gefunden. Gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-19 20:21:11 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3265GSX rev.GJ002J 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fwloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ff1465 2 bytes [FF, 74] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ff14bb 2 bytes [FF, 74] .text ... * 2 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ff1465 2 bytes [FF, 74] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ff14bb 2 bytes [FF, 74] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ff1465 2 bytes [FF, 74] .text C:\Program Files (x86)\Launch Manager\LManager.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ff14bb 2 bytes [FF, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ff1465 2 bytes [FF, 74] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ff14bb 2 bytes [FF, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1036:1652] 000007fef6d45170 Thread C:\Windows\system32\svchost.exe [1036:2636] 000007fefa45341c Thread C:\Windows\system32\svchost.exe [1036:1096] 000007fefa453a2c Thread C:\Windows\system32\svchost.exe [1036:3736] 000007fefa453768 Thread C:\Windows\system32\svchost.exe [1036:400] 000007fefa455c20 Thread C:\Windows\System32\spoolsv.exe [1284:1852] 000007fef60610c8 Thread C:\Windows\System32\spoolsv.exe [1284:2772] 000007fef62a6144 Thread C:\Windows\System32\spoolsv.exe [1284:2828] 000007fef6025fd0 Thread C:\Windows\System32\spoolsv.exe [1284:2848] 000007fef6303438 Thread C:\Windows\System32\spoolsv.exe [1284:2696] 000007fef60263ec Thread C:\Windows\System32\spoolsv.exe [1284:2856] 000007fef6a85e5c Thread C:\Windows\System32\spoolsv.exe [1284:2408] 000007fef64d5074 ---- EOF - GMER 2.1 ---- Code:
ATTFilter AMalwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.19.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Lukas :: LUKAS-PC [administrator] 19.06.2013 20:33:26 mbar-log-2013-06-19 (20-33-26).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 259428 Time elapsed: 24 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
19.06.2013, 20:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
19.06.2013, 21:03 | #11 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden aswMBR: HTML-Code: aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-06-19 21:31:24 ----------------------------- 21:31:24.971 OS Version: Windows x64 6.1.7601 Service Pack 1 21:31:24.971 Number of processors: 2 586 0x100 21:31:24.971 ComputerName: LUKAS-PC UserName: Lukas 21:31:26.110 Initialize success 21:33:12.834 AVAST engine defs: 13061901 21:33:45.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:33:45.190 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11 21:33:45.331 Disk 0 MBR read successfully 21:33:45.331 Disk 0 MBR scan 21:33:45.487 Disk 0 Windows 7 default MBR code 21:33:45.518 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 21:33:45.565 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328 21:33:45.643 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128 21:33:45.877 Disk 0 scanning C:\Windows\system32\drivers 21:34:07.654 Service scanning 21:35:04.454 Modules scanning 21:35:04.470 Disk 0 trace - called modules: 21:35:04.516 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 21:35:04.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002495060] 21:35:04.532 3 CLASSPNP.SYS[fffff8800190b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001fbd680] 21:35:05.421 AVAST engine scan C:\Windows 21:35:10.647 AVAST engine scan C:\Windows\system32 21:41:52.887 AVAST engine scan C:\Windows\system32\drivers 21:42:17.258 AVAST engine scan C:\Users\Lukas 21:55:24.079 AVAST engine scan C:\ProgramData 21:58:00.223 Scan finished successfully 22:01:16.970 Disk 0 MBR has been saved successfully to "C:\Users\Lukas\Desktop\MBR.dat" 22:01:16.986 The log file has been saved successfully to "C:\Users\Lukas\Desktop\aswMBR.txt" Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-06-19 21:31:24 ----------------------------- 21:31:24.971 OS Version: Windows x64 6.1.7601 Service Pack 1 21:31:24.971 Number of processors: 2 586 0x100 21:31:24.971 ComputerName: LUKAS-PC UserName: Lukas 21:31:26.110 Initialize success 21:33:12.834 AVAST engine defs: 13061901 21:33:45.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:33:45.190 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11 21:33:45.331 Disk 0 MBR read successfully 21:33:45.331 Disk 0 MBR scan 21:33:45.487 Disk 0 Windows 7 default MBR code 21:33:45.518 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048 21:33:45.565 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328 21:33:45.643 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128 21:33:45.877 Disk 0 scanning C:\Windows\system32\drivers 21:34:07.654 Service scanning 21:35:04.454 Modules scanning 21:35:04.470 Disk 0 trace - called modules: 21:35:04.516 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 21:35:04.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002495060] 21:35:04.532 3 CLASSPNP.SYS[fffff8800190b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8001fbd680] 21:35:05.421 AVAST engine scan C:\Windows 21:35:10.647 AVAST engine scan C:\Windows\system32 21:41:52.887 AVAST engine scan C:\Windows\system32\drivers 21:42:17.258 AVAST engine scan C:\Users\Lukas 21:55:24.079 AVAST engine scan C:\ProgramData 21:58:00.223 Scan finished successfully 22:01:16.970 Disk 0 MBR has been saved successfully to "C:\Users\Lukas\Desktop\MBR.dat" 22:01:16.986 The log file has been saved successfully to "C:\Users\Lukas\Desktop\aswMBR.txt" |
19.06.2013, 21:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
19.06.2013, 21:18 | #13 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden TDSS-Killer Code:
ATTFilter 22:12:32.0351 2420 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:12:32.0835 2420 ============================================================ 22:12:32.0835 2420 Current date / time: 2013/06/19 22:12:32.0835 22:12:32.0835 2420 SystemInfo: 22:12:32.0835 2420 22:12:32.0835 2420 OS Version: 6.1.7601 ServicePack: 1.0 22:12:32.0835 2420 Product type: Workstation 22:12:32.0835 2420 ComputerName: LUKAS-PC 22:12:32.0835 2420 UserName: Lukas 22:12:32.0835 2420 Windows directory: C:\Windows 22:12:32.0835 2420 System windows directory: C:\Windows 22:12:32.0835 2420 Running under WOW64 22:12:32.0835 2420 Processor architecture: Intel x64 22:12:32.0835 2420 Number of processors: 2 22:12:32.0835 2420 Page size: 0x1000 22:12:32.0835 2420 Boot type: Normal boot 22:12:32.0835 2420 ============================================================ 22:12:34.0567 2420 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:12:34.0582 2420 ============================================================ 22:12:34.0582 2420 \Device\Harddisk0\DR0: 22:12:34.0582 2420 MBR partitions: 22:12:34.0582 2420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000 22:12:34.0582 2420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x235FB800 22:12:34.0582 2420 ============================================================ 22:12:34.0629 2420 C: <-> \Device\Harddisk0\DR0\Partition2 22:12:34.0645 2420 ============================================================ 22:12:34.0660 2420 Initialize success 22:12:34.0660 2420 ============================================================ 22:13:49.0306 4908 ============================================================ 22:13:49.0306 4908 Scan started 22:13:49.0306 4908 Mode: Manual; SigCheck; TDLFS; 22:13:49.0306 4908 ============================================================ 22:13:49.0603 4908 ================ Scan system memory ======================== 22:13:49.0603 4908 System memory - ok 22:13:49.0618 4908 ================ Scan services ============================= 22:13:49.0852 4908 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:13:50.0367 4908 1394ohci - ok 22:13:50.0430 4908 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:13:50.0476 4908 ACPI - ok 22:13:50.0523 4908 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:13:50.0664 4908 AcpiPmi - ok 22:13:50.0804 4908 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:13:50.0851 4908 AdobeFlashPlayerUpdateSvc - ok 22:13:50.0913 4908 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:13:50.0960 4908 adp94xx - ok 22:13:50.0991 4908 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:13:51.0022 4908 adpahci - ok 22:13:51.0038 4908 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:13:51.0069 4908 adpu320 - ok 22:13:51.0100 4908 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:13:51.0288 4908 AeLookupSvc - ok 22:13:51.0350 4908 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:13:51.0459 4908 AFD - ok 22:13:51.0506 4908 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:13:51.0537 4908 agp440 - ok 22:13:51.0568 4908 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:13:51.0662 4908 ALG - ok 22:13:51.0709 4908 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:13:51.0740 4908 aliide - ok 22:13:51.0802 4908 [ CF4D1EBE8FEC994A0DF69149ED27E417 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 22:13:51.0912 4908 AMD External Events Utility - ok 22:13:51.0958 4908 AMD FUEL Service - ok 22:13:52.0005 4908 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe 22:13:52.0036 4908 AMD Reservation Manager - ok 22:13:52.0068 4908 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:13:52.0099 4908 amdide - ok 22:13:52.0146 4908 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 22:13:52.0380 4908 amdiox64 - ok 22:13:52.0395 4908 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:13:52.0489 4908 AmdK8 - ok 22:13:52.0707 4908 [ 375AC85E1130EAA1EAEB62DDD22B0EFB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 22:13:53.0019 4908 amdkmdag - ok 22:13:53.0066 4908 [ DAEB3F2BB2095B95B98BE6CEC99D02E7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 22:13:53.0128 4908 amdkmdap - ok 22:13:53.0160 4908 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:13:53.0238 4908 AmdPPM - ok 22:13:53.0284 4908 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:13:53.0316 4908 amdsata - ok 22:13:53.0347 4908 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:13:53.0378 4908 amdsbs - ok 22:13:53.0394 4908 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:13:53.0425 4908 amdxata - ok 22:13:53.0503 4908 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:13:53.0534 4908 AntiVirSchedulerService - ok 22:13:53.0581 4908 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:13:53.0612 4908 AntiVirService - ok 22:13:53.0659 4908 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:13:53.0877 4908 AppID - ok 22:13:53.0924 4908 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:13:54.0002 4908 AppIDSvc - ok 22:13:54.0064 4908 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 22:13:54.0142 4908 Appinfo - ok 22:13:54.0252 4908 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:13:54.0283 4908 Apple Mobile Device - ok 22:13:54.0330 4908 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 22:13:54.0361 4908 arc - ok 22:13:54.0376 4908 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:13:54.0408 4908 arcsas - ok 22:13:54.0439 4908 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:13:54.0532 4908 AsyncMac - ok 22:13:54.0579 4908 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:13:54.0610 4908 atapi - ok 22:13:54.0688 4908 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys 22:13:54.0782 4908 athr - ok 22:13:54.0860 4908 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 22:13:54.0876 4908 AtiHDAudioService - ok 22:13:54.0938 4908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:13:55.0063 4908 AudioEndpointBuilder - ok 22:13:55.0078 4908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:13:55.0156 4908 AudioSrv - ok 22:13:55.0203 4908 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:13:55.0250 4908 avgntflt - ok 22:13:55.0297 4908 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:13:55.0328 4908 avipbb - ok 22:13:55.0359 4908 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:13:55.0375 4908 avkmgr - ok 22:13:55.0437 4908 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:13:55.0578 4908 AxInstSV - ok 22:13:55.0609 4908 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:13:55.0671 4908 b06bdrv - ok 22:13:55.0702 4908 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:13:55.0765 4908 b57nd60a - ok 22:13:55.0812 4908 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:13:55.0890 4908 BDESVC - ok 22:13:55.0921 4908 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:13:56.0014 4908 Beep - ok 22:13:56.0092 4908 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:13:56.0202 4908 BFE - ok 22:13:56.0233 4908 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 22:13:56.0358 4908 BITS - ok 22:13:56.0389 4908 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:13:56.0436 4908 blbdrive - ok 22:13:56.0498 4908 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:13:56.0545 4908 Bonjour Service - ok 22:13:56.0576 4908 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:13:56.0638 4908 bowser - ok 22:13:56.0670 4908 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:13:56.0763 4908 BrFiltLo - ok 22:13:56.0779 4908 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:13:56.0841 4908 BrFiltUp - ok 22:13:56.0888 4908 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 22:13:56.0982 4908 BridgeMP - ok 22:13:57.0044 4908 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:13:57.0122 4908 Browser - ok 22:13:57.0138 4908 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:13:57.0216 4908 Brserid - ok 22:13:57.0262 4908 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:13:57.0309 4908 BrSerWdm - ok 22:13:57.0325 4908 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:13:57.0387 4908 BrUsbMdm - ok 22:13:57.0403 4908 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:13:57.0450 4908 BrUsbSer - ok 22:13:57.0481 4908 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:13:57.0528 4908 BTHMODEM - ok 22:13:57.0574 4908 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:13:57.0652 4908 bthserv - ok 22:13:57.0684 4908 catchme - ok 22:13:57.0699 4908 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:13:57.0808 4908 cdfs - ok 22:13:57.0871 4908 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 22:13:57.0918 4908 cdrom - ok 22:13:57.0964 4908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:13:58.0042 4908 CertPropSvc - ok 22:13:58.0074 4908 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:13:58.0120 4908 circlass - ok 22:13:58.0167 4908 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:13:58.0198 4908 CLFS - ok 22:13:58.0261 4908 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:13:58.0292 4908 clr_optimization_v2.0.50727_32 - ok 22:13:58.0339 4908 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:13:58.0354 4908 clr_optimization_v2.0.50727_64 - ok 22:13:58.0448 4908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:13:58.0526 4908 clr_optimization_v4.0.30319_32 - ok 22:13:58.0573 4908 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:13:58.0588 4908 clr_optimization_v4.0.30319_64 - ok 22:13:58.0635 4908 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:13:58.0682 4908 CmBatt - ok 22:13:58.0682 4908 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:13:58.0713 4908 cmdide - ok 22:13:58.0776 4908 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:13:58.0838 4908 CNG - ok 22:13:58.0932 4908 [ 78AC76700D37A98B5BADB19D57301BD6 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 22:13:59.0010 4908 CnxtHdAudService - ok 22:13:59.0041 4908 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:13:59.0072 4908 Compbatt - ok 22:13:59.0134 4908 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:13:59.0212 4908 CompositeBus - ok 22:13:59.0228 4908 COMSysApp - ok 22:13:59.0259 4908 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:13:59.0290 4908 crcdisk - ok 22:13:59.0337 4908 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:13:59.0415 4908 CryptSvc - ok 22:13:59.0493 4908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:13:59.0587 4908 DcomLaunch - ok 22:13:59.0634 4908 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:13:59.0727 4908 defragsvc - ok 22:13:59.0790 4908 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:13:59.0883 4908 DfsC - ok 22:13:59.0961 4908 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:14:00.0055 4908 Dhcp - ok 22:14:00.0102 4908 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:14:00.0180 4908 discache - ok 22:14:00.0211 4908 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:14:00.0242 4908 Disk - ok 22:14:00.0273 4908 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:14:00.0336 4908 Dnscache - ok 22:14:00.0382 4908 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:14:00.0460 4908 dot3svc - ok 22:14:00.0507 4908 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:14:00.0601 4908 DPS - ok 22:14:00.0648 4908 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:14:00.0694 4908 drmkaud - ok 22:14:00.0772 4908 [ 53E4843E1CD3653E665DAA32241F8F8B ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 22:14:00.0819 4908 DsiWMIService - ok 22:14:00.0882 4908 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:14:00.0944 4908 DXGKrnl - ok 22:14:00.0991 4908 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:14:01.0069 4908 EapHost - ok 22:14:01.0194 4908 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:14:01.0318 4908 ebdrv - ok 22:14:01.0365 4908 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:14:01.0459 4908 EFS - ok 22:14:01.0506 4908 [ 03E6888DA1A85ACF14AC2A3C328A9E62 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe 22:14:01.0537 4908 EgisTec Ticket Service - ok 22:14:01.0599 4908 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:14:01.0740 4908 ehRecvr - ok 22:14:01.0771 4908 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:14:01.0880 4908 ehSched - ok 22:14:01.0927 4908 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:14:01.0958 4908 elxstor - ok 22:14:02.0036 4908 [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 22:14:02.0083 4908 ePowerSvc - ok 22:14:02.0098 4908 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:14:02.0145 4908 ErrDev - ok 22:14:02.0192 4908 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:14:02.0286 4908 EventSystem - ok 22:14:02.0317 4908 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:14:02.0395 4908 exfat - ok 22:14:02.0442 4908 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:14:02.0535 4908 fastfat - ok 22:14:02.0598 4908 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:14:02.0738 4908 Fax - ok 22:14:02.0769 4908 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:14:02.0800 4908 fdc - ok 22:14:02.0847 4908 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:14:02.0941 4908 fdPHost - ok 22:14:02.0956 4908 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:14:03.0034 4908 FDResPub - ok 22:14:03.0066 4908 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:14:03.0097 4908 FileInfo - ok 22:14:03.0112 4908 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:14:03.0222 4908 Filetrace - ok 22:14:03.0284 4908 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 22:14:03.0315 4908 FLEXnet Licensing Service - ok 22:14:03.0346 4908 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:14:03.0393 4908 flpydisk - ok 22:14:03.0440 4908 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:14:03.0487 4908 FltMgr - ok 22:14:03.0549 4908 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 22:14:03.0658 4908 FontCache - ok 22:14:03.0721 4908 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:14:03.0752 4908 FontCache3.0.0.0 - ok 22:14:03.0783 4908 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:14:03.0814 4908 FsDepends - ok 22:14:03.0861 4908 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:14:03.0892 4908 Fs_Rec - ok 22:14:03.0955 4908 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:14:04.0002 4908 fvevol - ok 22:14:04.0048 4908 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:14:04.0064 4908 gagp30kx - ok 22:14:04.0111 4908 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:14:04.0126 4908 GEARAspiWDM - ok 22:14:04.0189 4908 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:14:04.0298 4908 gpsvc - ok 22:14:04.0329 4908 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 22:14:04.0376 4908 GREGService - ok 22:14:04.0407 4908 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:14:04.0516 4908 hcw85cir - ok 22:14:04.0579 4908 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:14:04.0626 4908 HdAudAddService - ok 22:14:04.0688 4908 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:14:04.0735 4908 HDAudBus - ok 22:14:04.0766 4908 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:14:04.0813 4908 HidBatt - ok 22:14:04.0844 4908 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:14:04.0891 4908 HidBth - ok 22:14:04.0922 4908 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:14:04.0969 4908 HidIr - ok 22:14:04.0984 4908 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 22:14:05.0078 4908 hidserv - ok 22:14:05.0125 4908 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:14:05.0156 4908 HidUsb - ok 22:14:05.0203 4908 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:14:05.0281 4908 hkmsvc - ok 22:14:05.0328 4908 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:14:05.0452 4908 HomeGroupListener - ok 22:14:05.0484 4908 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:14:05.0530 4908 HomeGroupProvider - ok 22:14:05.0577 4908 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:14:05.0608 4908 HpSAMD - ok 22:14:05.0671 4908 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:14:05.0780 4908 HTTP - ok 22:14:05.0827 4908 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:14:05.0858 4908 hwpolicy - ok 22:14:05.0920 4908 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:14:05.0952 4908 i8042prt - ok 22:14:05.0998 4908 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:14:06.0030 4908 iaStorV - ok 22:14:06.0123 4908 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 22:14:06.0170 4908 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:14:06.0170 4908 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:14:06.0248 4908 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:14:06.0295 4908 idsvc - ok 22:14:06.0342 4908 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:14:06.0373 4908 iirsp - ok 22:14:06.0420 4908 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:14:06.0529 4908 IKEEXT - ok 22:14:06.0576 4908 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:14:06.0622 4908 intelide - ok 22:14:06.0654 4908 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:14:06.0700 4908 intelppm - ok 22:14:06.0732 4908 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:14:06.0825 4908 IPBusEnum - ok 22:14:06.0872 4908 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:14:06.0950 4908 IpFilterDriver - ok 22:14:07.0012 4908 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:14:07.0090 4908 iphlpsvc - ok 22:14:07.0137 4908 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:14:07.0168 4908 IPMIDRV - ok 22:14:07.0200 4908 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:14:07.0293 4908 IPNAT - ok 22:14:07.0356 4908 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:14:07.0418 4908 iPod Service - ok 22:14:07.0434 4908 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:14:07.0543 4908 IRENUM - ok 22:14:07.0574 4908 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:14:07.0590 4908 isapnp - ok 22:14:07.0636 4908 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:14:07.0668 4908 iScsiPrt - ok 22:14:07.0699 4908 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:14:07.0730 4908 kbdclass - ok 22:14:07.0777 4908 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:14:07.0808 4908 kbdhid - ok 22:14:07.0824 4908 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:14:07.0855 4908 KeyIso - ok 22:14:07.0902 4908 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:14:07.0933 4908 KSecDD - ok 22:14:07.0980 4908 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:14:08.0011 4908 KSecPkg - ok 22:14:08.0042 4908 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:14:08.0136 4908 ksthunk - ok 22:14:08.0167 4908 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:14:08.0260 4908 KtmRm - ok 22:14:08.0307 4908 [ 0E154DA6CA9105354A07D0C576804037 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 22:14:08.0323 4908 L1C - ok 22:14:08.0385 4908 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 22:14:08.0479 4908 LanmanServer - ok 22:14:08.0526 4908 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:14:08.0604 4908 LanmanWorkstation - ok 22:14:08.0650 4908 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:14:08.0744 4908 lltdio - ok 22:14:08.0775 4908 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:14:08.0869 4908 lltdsvc - ok 22:14:08.0884 4908 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:14:08.0962 4908 lmhosts - ok 22:14:08.0994 4908 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:14:09.0009 4908 LSI_FC - ok 22:14:09.0040 4908 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:14:09.0056 4908 LSI_SAS - ok 22:14:09.0072 4908 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:14:09.0103 4908 LSI_SAS2 - ok 22:14:09.0134 4908 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:14:09.0150 4908 LSI_SCSI - ok 22:14:09.0181 4908 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:14:09.0274 4908 luafv - ok 22:14:09.0306 4908 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:14:09.0321 4908 MBAMProtector - ok 22:14:09.0384 4908 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:14:09.0430 4908 MBAMScheduler - ok 22:14:09.0462 4908 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:14:09.0493 4908 MBAMService - ok 22:14:09.0540 4908 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:14:09.0586 4908 Mcx2Svc - ok 22:14:09.0618 4908 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:14:09.0649 4908 megasas - ok 22:14:09.0696 4908 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:14:09.0727 4908 MegaSR - ok 22:14:09.0758 4908 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:14:09.0852 4908 MMCSS - ok 22:14:09.0883 4908 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:14:09.0976 4908 Modem - ok 22:14:10.0008 4908 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:14:10.0054 4908 monitor - ok 22:14:10.0117 4908 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:14:10.0148 4908 mouclass - ok 22:14:10.0179 4908 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:14:10.0226 4908 mouhid - ok 22:14:10.0273 4908 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:14:10.0320 4908 mountmgr - ok 22:14:10.0382 4908 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:14:10.0413 4908 MozillaMaintenance - ok 22:14:10.0444 4908 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:14:10.0491 4908 mpio - ok 22:14:10.0522 4908 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:14:10.0616 4908 mpsdrv - ok 22:14:10.0663 4908 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:14:10.0756 4908 MpsSvc - ok 22:14:10.0788 4908 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:14:10.0850 4908 MRxDAV - ok 22:14:10.0897 4908 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:14:10.0959 4908 mrxsmb - ok 22:14:11.0006 4908 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:14:11.0037 4908 mrxsmb10 - ok 22:14:11.0068 4908 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:14:11.0100 4908 mrxsmb20 - ok 22:14:11.0146 4908 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:14:11.0178 4908 msahci - ok 22:14:11.0271 4908 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe 22:14:11.0302 4908 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning 22:14:11.0302 4908 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1) 22:14:11.0334 4908 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:14:11.0365 4908 msdsm - ok 22:14:11.0380 4908 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:14:11.0443 4908 MSDTC - ok 22:14:11.0505 4908 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:14:11.0568 4908 Msfs - ok 22:14:11.0599 4908 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:14:11.0692 4908 mshidkmdf - ok 22:14:11.0724 4908 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:14:11.0739 4908 msisadrv - ok 22:14:11.0786 4908 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:14:11.0880 4908 MSiSCSI - ok 22:14:11.0880 4908 msiserver - ok 22:14:11.0926 4908 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:14:11.0989 4908 MSKSSRV - ok 22:14:12.0020 4908 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:14:12.0114 4908 MSPCLOCK - ok 22:14:12.0129 4908 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:14:12.0207 4908 MSPQM - ok 22:14:12.0254 4908 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:14:12.0285 4908 MsRPC - ok 22:14:12.0332 4908 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:14:12.0379 4908 mssmbios - ok 22:14:12.0410 4908 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:14:12.0488 4908 MSTEE - ok 22:14:12.0504 4908 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:14:12.0550 4908 MTConfig - ok 22:14:12.0566 4908 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:14:12.0597 4908 Mup - ok 22:14:12.0613 4908 [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 22:14:12.0628 4908 mwlPSDFilter - ok 22:14:12.0644 4908 [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 22:14:12.0675 4908 mwlPSDNServ - ok 22:14:12.0691 4908 [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 22:14:12.0706 4908 mwlPSDVDisk - ok 22:14:12.0769 4908 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:14:12.0878 4908 napagent - ok 22:14:12.0940 4908 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:14:12.0987 4908 NativeWifiP - ok 22:14:13.0065 4908 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 22:14:13.0128 4908 NAUpdate - ok 22:14:13.0190 4908 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:14:13.0237 4908 NDIS - ok 22:14:13.0284 4908 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:14:13.0362 4908 NdisCap - ok 22:14:13.0377 4908 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:14:13.0455 4908 NdisTapi - ok 22:14:13.0518 4908 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:14:13.0611 4908 Ndisuio - ok 22:14:13.0658 4908 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:14:13.0752 4908 NdisWan - ok 22:14:13.0783 4908 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:14:13.0861 4908 NDProxy - ok 22:14:13.0892 4908 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:14:13.0986 4908 NetBIOS - ok 22:14:14.0032 4908 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:14:14.0110 4908 NetBT - ok 22:14:14.0142 4908 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:14:14.0173 4908 Netlogon - ok 22:14:14.0204 4908 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:14:14.0298 4908 Netman - ok 22:14:14.0329 4908 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:14:14.0422 4908 netprofm - ok 22:14:14.0454 4908 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:14:14.0485 4908 NetTcpPortSharing - ok 22:14:14.0532 4908 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:14:14.0547 4908 nfrd960 - ok 22:14:14.0578 4908 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:14:14.0641 4908 NlaSvc - ok 22:14:14.0656 4908 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:14:14.0719 4908 Npfs - ok 22:14:14.0766 4908 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:14:14.0844 4908 nsi - ok 22:14:14.0875 4908 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:14:14.0968 4908 nsiproxy - ok 22:14:15.0046 4908 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:14:15.0124 4908 Ntfs - ok 22:14:15.0202 4908 [ 8F59A2506AF43F96F5397B3C79938AE9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 22:14:15.0234 4908 NTI IScheduleSvc - ok 22:14:15.0280 4908 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 22:14:15.0296 4908 NTIDrvr - ok 22:14:15.0312 4908 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:14:15.0405 4908 Null - ok 22:14:15.0452 4908 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:14:15.0483 4908 nvraid - ok 22:14:15.0514 4908 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:14:15.0546 4908 nvstor - ok 22:14:15.0592 4908 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:14:15.0624 4908 nv_agp - ok 22:14:15.0655 4908 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:14:15.0686 4908 ohci1394 - ok 22:14:15.0764 4908 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:14:15.0780 4908 ose64 - ok 22:14:15.0982 4908 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:14:16.0185 4908 osppsvc - ok 22:14:16.0232 4908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:14:16.0279 4908 p2pimsvc - ok 22:14:16.0310 4908 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:14:16.0357 4908 p2psvc - ok 22:14:16.0419 4908 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe 22:14:16.0435 4908 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning 22:14:16.0435 4908 PACSPTISVR - detected UnsignedFile.Multi.Generic (1) 22:14:16.0466 4908 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:14:16.0497 4908 Parport - ok 22:14:16.0528 4908 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:14:16.0560 4908 partmgr - ok 22:14:16.0591 4908 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:14:16.0622 4908 PcaSvc - ok 22:14:16.0669 4908 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:14:16.0700 4908 pci - ok 22:14:16.0716 4908 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:14:16.0747 4908 pciide - ok 22:14:16.0778 4908 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:14:16.0809 4908 pcmcia - ok 22:14:16.0840 4908 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:14:16.0856 4908 pcw - ok 22:14:16.0887 4908 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:14:16.0996 4908 PEAUTH - ok 22:14:17.0074 4908 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:14:17.0121 4908 PerfHost - ok 22:14:17.0215 4908 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:14:17.0324 4908 pla - ok 22:14:17.0386 4908 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:14:17.0433 4908 PlugPlay - ok 22:14:17.0464 4908 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:14:17.0511 4908 PNRPAutoReg - ok 22:14:17.0542 4908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:14:17.0574 4908 PNRPsvc - ok 22:14:17.0620 4908 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:14:17.0698 4908 PolicyAgent - ok 22:14:17.0745 4908 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:14:17.0854 4908 Power - ok 22:14:17.0901 4908 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:14:17.0995 4908 PptpMiniport - ok 22:14:18.0026 4908 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:14:18.0057 4908 Processor - ok 22:14:18.0104 4908 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:14:18.0182 4908 ProfSvc - ok 22:14:18.0198 4908 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:14:18.0229 4908 ProtectedStorage - ok 22:14:18.0260 4908 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:14:18.0354 4908 Psched - ok 22:14:18.0400 4908 [ 5D6C8E778F0218FCD2CCA0EFBC9766CA ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 22:14:18.0432 4908 PxHlpa64 - ok 22:14:18.0478 4908 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:14:18.0556 4908 ql2300 - ok 22:14:18.0588 4908 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:14:18.0619 4908 ql40xx - ok 22:14:18.0666 4908 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:14:18.0697 4908 QWAVE - ok 22:14:18.0728 4908 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:14:18.0775 4908 QWAVEdrv - ok 22:14:18.0790 4908 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:14:18.0884 4908 RasAcd - ok 22:14:18.0915 4908 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:14:19.0009 4908 RasAgileVpn - ok 22:14:19.0040 4908 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:14:19.0118 4908 RasAuto - ok 22:14:19.0165 4908 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:14:19.0243 4908 Rasl2tp - ok 22:14:19.0305 4908 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:14:19.0399 4908 RasMan - ok 22:14:19.0446 4908 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:14:19.0539 4908 RasPppoe - ok 22:14:19.0570 4908 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:14:19.0648 4908 RasSstp - ok 22:14:19.0711 4908 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:14:19.0789 4908 rdbss - ok 22:14:19.0820 4908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:14:19.0867 4908 rdpbus - ok 22:14:19.0882 4908 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:14:19.0976 4908 RDPCDD - ok 22:14:19.0992 4908 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:14:20.0085 4908 RDPENCDD - ok 22:14:20.0101 4908 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:14:20.0179 4908 RDPREFMP - ok 22:14:20.0226 4908 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:14:20.0319 4908 RDPWD - ok 22:14:20.0382 4908 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:14:20.0413 4908 rdyboost - ok 22:14:20.0444 4908 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:14:20.0522 4908 RemoteAccess - ok 22:14:20.0569 4908 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:14:20.0662 4908 RemoteRegistry - ok 22:14:20.0678 4908 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:14:20.0772 4908 RpcEptMapper - ok 22:14:20.0803 4908 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:14:20.0850 4908 RpcLocator - ok 22:14:20.0896 4908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:14:20.0974 4908 RpcSs - ok 22:14:21.0021 4908 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:14:21.0099 4908 rspndr - ok 22:14:21.0162 4908 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys 22:14:21.0193 4908 RSUSBSTOR - ok 22:14:21.0208 4908 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:14:21.0240 4908 SamSs - ok 22:14:21.0286 4908 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:14:21.0302 4908 sbp2port - ok 22:14:21.0349 4908 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:14:21.0442 4908 SCardSvr - ok 22:14:21.0474 4908 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:14:21.0536 4908 scfilter - ok 22:14:21.0614 4908 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:14:21.0723 4908 Schedule - ok 22:14:21.0754 4908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:14:21.0832 4908 SCPolicySvc - ok 22:14:21.0879 4908 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:14:21.0942 4908 SDRSVC - ok 22:14:22.0004 4908 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:14:22.0082 4908 secdrv - ok 22:14:22.0113 4908 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:14:22.0207 4908 seclogon - ok 22:14:22.0238 4908 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 22:14:22.0332 4908 SENS - ok 22:14:22.0347 4908 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:14:22.0441 4908 SensrSvc - ok 22:14:22.0472 4908 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:14:22.0503 4908 Serenum - ok 22:14:22.0550 4908 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:14:22.0597 4908 Serial - ok 22:14:22.0644 4908 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:14:22.0675 4908 sermouse - ok 22:14:22.0737 4908 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:14:22.0815 4908 SessionEnv - ok 22:14:22.0862 4908 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:14:22.0940 4908 sffdisk - ok 22:14:22.0971 4908 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:14:23.0002 4908 sffp_mmc - ok 22:14:23.0049 4908 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:14:23.0080 4908 sffp_sd - ok 22:14:23.0112 4908 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:14:23.0158 4908 sfloppy - ok 22:14:23.0205 4908 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:14:23.0283 4908 SharedAccess - ok 22:14:23.0346 4908 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:14:23.0424 4908 ShellHWDetection - ok 22:14:23.0470 4908 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:14:23.0502 4908 SiSRaid2 - ok 22:14:23.0517 4908 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:14:23.0548 4908 SiSRaid4 - ok 22:14:23.0626 4908 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:14:23.0658 4908 SkypeUpdate - ok 22:14:23.0689 4908 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:14:23.0782 4908 Smb - ok 22:14:23.0814 4908 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:14:23.0845 4908 SNMPTRAP - ok 22:14:23.0892 4908 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe 22:14:23.0938 4908 SonicStage Back-End Service - ok 22:14:23.0970 4908 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:14:24.0001 4908 spldr - ok 22:14:24.0048 4908 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:14:24.0094 4908 Spooler - ok 22:14:24.0219 4908 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:14:24.0391 4908 sppsvc - ok 22:14:24.0422 4908 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:14:24.0500 4908 sppuinotify - ok 22:14:24.0562 4908 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe 22:14:24.0578 4908 SPTISRV ( UnsignedFile.Multi.Generic ) - warning 22:14:24.0578 4908 SPTISRV - detected UnsignedFile.Multi.Generic (1) 22:14:24.0609 4908 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:14:24.0703 4908 srv - ok 22:14:24.0750 4908 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:14:24.0796 4908 srv2 - ok 22:14:24.0828 4908 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:14:24.0859 4908 srvnet - ok 22:14:24.0906 4908 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:14:24.0984 4908 SSDPSRV - ok 22:14:25.0015 4908 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe 22:14:25.0030 4908 SSScsiSV - ok 22:14:25.0062 4908 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:14:25.0155 4908 SstpSvc - ok 22:14:25.0171 4908 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:14:25.0202 4908 stexstor - ok 22:14:25.0249 4908 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:14:25.0327 4908 stisvc - ok 22:14:25.0374 4908 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:14:25.0389 4908 swenum - ok 22:14:25.0420 4908 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:14:25.0514 4908 swprv - ok 22:14:25.0576 4908 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 22:14:25.0639 4908 SynTP - ok 22:14:25.0732 4908 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:14:25.0810 4908 SysMain - ok 22:14:25.0888 4908 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:14:25.0966 4908 TabletInputService - ok 22:14:25.0998 4908 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:14:26.0091 4908 TapiSrv - ok 22:14:26.0122 4908 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:14:26.0200 4908 TBS - ok 22:14:26.0294 4908 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:14:26.0372 4908 Tcpip - ok 22:14:26.0434 4908 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:14:26.0497 4908 TCPIP6 - ok 22:14:26.0544 4908 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:14:26.0575 4908 tcpipreg - ok 22:14:26.0622 4908 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:14:26.0653 4908 TDPIPE - ok 22:14:26.0715 4908 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:14:26.0746 4908 TDTCP - ok 22:14:26.0793 4908 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:14:26.0871 4908 tdx - ok 22:14:26.0902 4908 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:14:26.0934 4908 TermDD - ok 22:14:26.0965 4908 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:14:27.0058 4908 TermService - ok 22:14:27.0105 4908 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:14:27.0152 4908 Themes - ok 22:14:27.0168 4908 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:14:27.0246 4908 THREADORDER - ok 22:14:27.0292 4908 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:14:27.0433 4908 TrkWks - ok 22:14:27.0901 4908 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:14:27.0979 4908 TrustedInstaller - ok 22:14:28.0041 4908 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:14:28.0119 4908 tssecsrv - ok 22:14:28.0166 4908 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:14:28.0228 4908 TsUsbFlt - ok 22:14:28.0275 4908 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:14:28.0369 4908 tunnel - ok 22:14:28.0400 4908 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:14:28.0431 4908 uagp35 - ok 22:14:28.0462 4908 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 22:14:28.0478 4908 UBHelper - ok 22:14:28.0556 4908 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:14:28.0650 4908 udfs - ok 22:14:28.0696 4908 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:14:28.0759 4908 UI0Detect - ok 22:14:28.0790 4908 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:14:28.0821 4908 uliagpkx - ok 22:14:28.0868 4908 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 22:14:28.0899 4908 umbus - ok 22:14:28.0962 4908 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:14:28.0977 4908 UmPass - ok 22:14:29.0086 4908 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 22:14:29.0133 4908 Updater Service - ok 22:14:29.0164 4908 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:14:29.0258 4908 upnphost - ok 22:14:29.0289 4908 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:14:29.0352 4908 USBAAPL64 - ok 22:14:29.0383 4908 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:14:29.0414 4908 usbccgp - ok 22:14:29.0461 4908 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:14:29.0508 4908 usbcir - ok 22:14:29.0539 4908 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:14:29.0586 4908 usbehci - ok 22:14:29.0617 4908 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 22:14:29.0632 4908 usbfilter - ok 22:14:29.0679 4908 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:14:29.0710 4908 usbhub - ok 22:14:29.0742 4908 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:14:29.0788 4908 usbohci - ok 22:14:29.0804 4908 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:14:29.0851 4908 usbprint - ok 22:14:29.0898 4908 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:14:29.0944 4908 usbscan - ok 22:14:29.0976 4908 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:14:30.0069 4908 USBSTOR - ok 22:14:30.0100 4908 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:14:30.0116 4908 usbuhci - ok 22:14:30.0178 4908 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:14:30.0225 4908 usbvideo - ok 22:14:30.0256 4908 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:14:30.0350 4908 UxSms - ok 22:14:30.0381 4908 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:14:30.0397 4908 VaultSvc - ok 22:14:30.0428 4908 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:14:30.0459 4908 vdrvroot - ok 22:14:30.0522 4908 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:14:30.0615 4908 vds - ok 22:14:30.0662 4908 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:14:30.0693 4908 vga - ok 22:14:30.0709 4908 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:14:30.0787 4908 VgaSave - ok 22:14:30.0834 4908 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:14:30.0865 4908 vhdmp - ok 22:14:30.0896 4908 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:14:30.0927 4908 viaide - ok 22:14:30.0958 4908 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:14:30.0990 4908 volmgr - ok 22:14:31.0036 4908 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:14:31.0083 4908 volmgrx - ok 22:14:31.0130 4908 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:14:31.0177 4908 volsnap - ok 22:14:31.0224 4908 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:14:31.0255 4908 vsmraid - ok 22:14:31.0333 4908 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:14:31.0458 4908 VSS - ok 22:14:31.0473 4908 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:14:31.0520 4908 vwifibus - ok 22:14:31.0551 4908 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:14:31.0598 4908 vwififlt - ok 22:14:31.0645 4908 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:14:31.0754 4908 W32Time - ok 22:14:31.0801 4908 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:14:31.0863 4908 WacomPen - ok 22:14:31.0910 4908 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:14:31.0988 4908 WANARP - ok 22:14:31.0988 4908 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:14:32.0066 4908 Wanarpv6 - ok 22:14:32.0128 4908 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:14:32.0269 4908 wbengine - ok 22:14:32.0300 4908 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:14:32.0362 4908 WbioSrvc - ok 22:14:32.0409 4908 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:14:32.0456 4908 wcncsvc - ok 22:14:32.0487 4908 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:14:32.0550 4908 WcsPlugInService - ok 22:14:32.0565 4908 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:14:32.0596 4908 Wd - ok 22:14:32.0659 4908 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:14:32.0721 4908 Wdf01000 - ok 22:14:32.0752 4908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:14:32.0830 4908 WdiServiceHost - ok 22:14:32.0846 4908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:14:32.0893 4908 WdiSystemHost - ok 22:14:32.0955 4908 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:14:33.0033 4908 WebClient - ok 22:14:33.0142 4908 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:14:33.0252 4908 Wecsvc - ok 22:14:33.0283 4908 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:14:33.0392 4908 wercplsupport - ok 22:14:33.0408 4908 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:14:33.0486 4908 WerSvc - ok 22:14:33.0517 4908 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:14:33.0610 4908 WfpLwf - ok 22:14:33.0642 4908 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:14:33.0657 4908 WIMMount - ok 22:14:33.0688 4908 WinDefend - ok 22:14:33.0720 4908 WinHttpAutoProxySvc - ok 22:14:33.0766 4908 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:14:33.0860 4908 Winmgmt - ok 22:14:33.0985 4908 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:14:34.0125 4908 WinRM - ok 22:14:34.0188 4908 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:14:34.0234 4908 WinUsb - ok 22:14:34.0281 4908 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:14:34.0328 4908 Wlansvc - ok 22:14:34.0390 4908 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 22:14:34.0406 4908 wlcrasvc - ok 22:14:34.0531 4908 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:14:34.0625 4908 wlidsvc - ok 22:14:34.0671 4908 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:14:34.0703 4908 WmiAcpi - ok 22:14:34.0765 4908 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:14:34.0812 4908 wmiApSrv - ok 22:14:34.0843 4908 WMPNetworkSvc - ok 22:14:34.0921 4908 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 22:14:34.0952 4908 WMZuneComm - ok 22:14:34.0999 4908 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:14:35.0061 4908 WPCSvc - ok 22:14:35.0093 4908 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:14:35.0186 4908 WPDBusEnum - ok 22:14:35.0217 4908 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:14:35.0295 4908 ws2ifsl - ok 22:14:35.0327 4908 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 22:14:35.0373 4908 wscsvc - ok 22:14:35.0389 4908 WSearch - ok 22:14:35.0545 4908 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:14:35.0670 4908 wuauserv - ok 22:14:35.0717 4908 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:14:35.0779 4908 WudfPf - ok 22:14:35.0810 4908 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:14:35.0841 4908 WUDFRd - ok 22:14:35.0857 4908 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:14:35.0904 4908 wudfsvc - ok 22:14:35.0966 4908 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 22:14:36.0029 4908 WwanSvc - ok 22:14:36.0403 4908 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 22:14:36.0809 4908 ZuneNetworkSvc - ok 22:14:36.0871 4908 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 22:14:36.0918 4908 ZuneWlanCfgSvc - ok 22:14:36.0933 4908 ================ Scan global =============================== 22:14:36.0965 4908 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:14:37.0011 4908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:14:37.0027 4908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:14:37.0043 4908 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:14:37.0089 4908 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:14:37.0089 4908 [Global] - ok 22:14:37.0089 4908 ================ Scan MBR ================================== 22:14:37.0105 4908 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:14:37.0511 4908 \Device\Harddisk0\DR0 - ok 22:14:37.0511 4908 ================ Scan VBR ================================== 22:14:37.0573 4908 [ 872AE8326275D37695E7142C24966BA4 ] \Device\Harddisk0\DR0\Partition1 22:14:37.0573 4908 \Device\Harddisk0\DR0\Partition1 - ok 22:14:37.0589 4908 [ A444D6DCFF1FF30B42DA6C77FD342337 ] \Device\Harddisk0\DR0\Partition2 22:14:37.0604 4908 \Device\Harddisk0\DR0\Partition2 - ok 22:14:37.0604 4908 ============================================================ 22:14:37.0604 4908 Scan finished 22:14:37.0604 4908 ============================================================ 22:14:37.0620 2720 Detected object count: 4 22:14:37.0620 2720 Actual detected object count: 4 22:15:26.0495 2720 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:15:26.0495 2720 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:15:26.0495 2720 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 22:15:26.0495 2720 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:15:26.0495 2720 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user 22:15:26.0495 2720 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:15:26.0495 2720 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user 22:15:26.0495 2720 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip |
19.06.2013, 21:21 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden Oh, hätte ich fast nit gemerkt, dass du das Log noch garnicht gepostet hast Ist aber ok, mach mit JRT/adwCleaner weiter, danach ein frisches Log mit OTL
__________________ Logfiles bitte immer in CODE-Tags posten |
19.06.2013, 21:31 | #15 |
| TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Lukas on 19.06.2013 at 22:20:33,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C7CDAAC-AAAE-4083-B218-43B488DCDEC0} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" ~~~ FireFox Successfully deleted: [File] C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\user.js Emptied folder: C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\minidumps [24 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.06.2013 at 22:28:21,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.303 - Datei am 19/06/2013 um 22:33:24 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Lukas - LUKAS-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Lukas\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Ask ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\r7i8jz36.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1042 octets] - [19/06/2013 22:33:24] ########## EOF - C:\AdwCleaner[S1].txt - [1102 octets] ########## Code:
ATTFilter OTL logfile created on: 19.06.2013 22:42:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 49,53% Memory free 3,46 Gb Paging File | 2,12 Gb Available in Paging File | 61,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,99 Gb Total Space | 162,63 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 16:24:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.04 18:20:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2011.05.31 23:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.12 14:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\r7i8jz36.default\extensions [2013.05.12 14:54:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\r7i8jz36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.18 16:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.18 16:24:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.06.19 18:43:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A118C30-2CA8-4B2E-B4B4-C286496D948D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF56CDC8-8111-4A1A-8FD2-5943080DB6B7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.19 22:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.06.19 22:20:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.19 22:19:55 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.19 22:19:10 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Lukas\Desktop\JRT.exe [2013.06.19 22:05:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lukas\Desktop\tdsskiller.exe [2013.06.19 21:28:54 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lukas\Desktop\aswMBR.exe [2013.06.19 20:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.19 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\mbar [2013.06.19 18:53:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.19 18:28:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.19 18:28:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.19 18:28:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.19 18:28:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.19 18:28:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.19 18:25:35 | 005,081,021 | R--- | C] (Swearware) -- C:\Users\Lukas\Desktop\ComboFix.exe [2013.06.18 10:46:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe [2013.06.18 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes [2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.18 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.18 10:02:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.18 10:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.18 10:01:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs [2013.06.17 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Tribes - Wish to Scream (2013) [2013.06.16 12:14:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.16 12:14:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.15 22:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2013.06.15 15:48:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.15 15:48:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.15 15:48:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.15 15:48:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.15 15:48:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.15 15:48:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.15 15:48:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.15 15:48:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.15 15:48:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.15 15:48:15 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.15 15:48:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.15 15:48:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.15 15:48:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 18:08:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 18:08:23 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 18:08:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 18:08:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 18:08:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 18:08:06 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 18:08:06 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 18:08:06 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 18:08:05 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 18:08:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 18:08:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 18:07:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 18:07:39 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.04 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.06.19 22:48:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.19 22:43:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 22:43:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 22:35:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 22:35:03 | 1392,693,248 | -HS- | M] () -- C:\hiberfil.sys [2013.06.19 22:32:39 | 000,648,201 | ---- | M] () -- C:\Users\Lukas\Desktop\adwcleaner.exe [2013.06.19 22:19:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Lukas\Desktop\JRT.exe [2013.06.19 22:05:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lukas\Desktop\tdsskiller.exe [2013.06.19 22:01:16 | 000,000,512 | ---- | M] () -- C:\Users\Lukas\Desktop\MBR.dat [2013.06.19 21:30:24 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lukas\Desktop\aswMBR.exe [2013.06.19 20:28:51 | 013,169,742 | ---- | M] () -- C:\Users\Lukas\Desktop\mbar-1.06.0.1003.zip [2013.06.19 20:01:19 | 000,377,856 | ---- | M] () -- C:\Users\Lukas\Desktop\gmer_2.1.19163.exe [2013.06.19 18:43:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.19 18:25:36 | 005,081,021 | R--- | M] (Swearware) -- C:\Users\Lukas\Desktop\ComboFix.exe [2013.06.18 10:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe [2013.06.18 10:41:41 | 000,050,477 | ---- | M] () -- C:\Users\Lukas\Desktop\Defogger.exe [2013.06.18 10:02:42 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.12 17:48:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 17:48:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll ========== Files Created - No Company Name ========== [2013.06.19 22:32:35 | 000,648,201 | ---- | C] () -- C:\Users\Lukas\Desktop\adwcleaner.exe [2013.06.19 22:01:16 | 000,000,512 | ---- | C] () -- C:\Users\Lukas\Desktop\MBR.dat [2013.06.19 20:28:48 | 013,169,742 | ---- | C] () -- C:\Users\Lukas\Desktop\mbar-1.06.0.1003.zip [2013.06.19 20:01:16 | 000,377,856 | ---- | C] () -- C:\Users\Lukas\Desktop\gmer_2.1.19163.exe [2013.06.19 18:28:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.19 18:28:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.19 18:28:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.19 18:28:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.19 18:28:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.18 10:41:37 | 000,050,477 | ---- | C] () -- C:\Users\Lukas\Desktop\Defogger.exe [2013.06.18 10:02:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 20:34:56 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.06.2013 22:42:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lukas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,73 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 49,53% Memory free 3,46 Gb Paging File | 2,12 Gb Available in Paging File | 61,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,99 Gb Total Space | 162,63 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1544863692-1524701824-4242043933-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0027BA6E-5A23-459D-9D6E-B5D3DC2B59DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{4A0A50F1-CAD8-42CE-8762-4CB93FA6A242}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{605739C7-191B-47C1-80D2-FBECD8F60EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{77DFF8B0-A25A-415C-A2EC-42225C0ED7C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8603BC6D-77F0-494C-9815-5FDC89FF3440}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9F38957F-8F95-4B72-BE66-3987244A23F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A6F13346-E25A-4217-97A2-3B0257C7E5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7893A2D-EB71-4952-BDAC-09F2F01845B1}" = rport=10243 | protocol=6 | dir=out | app=system | "{D36DB4E5-EE14-4046-8641-40A2F3E681E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D617FFA6-48BC-479B-8FD9-0DA61EA3A442}" = lport=10243 | protocol=6 | dir=in | app=system | "{F74EC312-656A-4529-9580-D88F44B01FAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C56DC9-0B22-46F9-BA02-20AFD48CC6F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{08FE0D3D-5E72-4288-ACBF-18330A2AF700}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C2CA729-EA87-4911-A54D-E9D9B5A853CE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{21E5A09C-4702-45CC-8C4E-56DADD986025}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | "{23AD006F-B671-45AA-925B-4B099CC7E7C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2DBF95C5-BD37-453B-A835-1AB9D4F0CAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{422D80A2-C2DF-4FA5-BBE6-7AEF77D750A4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{4A2EDF64-303D-40F5-B3D6-9F6771E86B6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{4DFB5CEA-0BF7-4D90-9A81-1BFF3EBC05B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53D1FA55-188A-4008-BF8B-3C337C0FABD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54BA2223-C664-4D9D-B170-69E8182108E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{61D6A021-DA25-48A7-8144-026B53C1A05B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{63691C27-6AB9-4C32-A845-0B5BFDEDB726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{80714254-5761-48C1-9769-9688CE6FDC7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{83AA4C8E-83FF-447A-BA13-5E400C5DF97B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{854638FD-5A53-43CC-AF7D-D781DD13D0C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8B61E41B-ADFA-4DCE-BB81-D558D4B81C05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8C2AD52A-5B84-45F5-B7EF-D0912F095A18}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9673B0BE-4924-4AC8-9BD0-B4340ABA5DE5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{9E77838A-335C-4A4F-9BC2-41EA5BB392D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A2247939-EB26-4EE2-BF18-1F1B2C64EBC1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A383EA9B-8DAD-46DE-8C1C-E3268E08375C}" = protocol=6 | dir=out | app=system | "{A58417B0-6151-46C8-89AC-1EB8320EDF6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9960DFF-8481-43BE-8554-BBDAA374339A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | "{AF8C9E41-7FD6-4F35-931F-EF9A2768053E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C105B4E3-EEA6-4179-AE21-C9A4D4DCC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C1E7EC0E-8B81-4186-AF31-CEC958E4B2A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA9C8C06-1420-4253-B956-6B028D6DB385}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D9A0E4DC-5A5F-497F-854F-F363A1803A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DBC54CD8-B12E-43AC-9C9F-A88DCBC294BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F01FDF67-A4F5-4AEB-971A-7EEE604F1D4E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F87825F7-B848-4D13-AB84-0D9B7B6B99B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F90AC0C9-BBBE-434F-990F-7EE32AF238F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{6B870DA3-4138-400E-99FF-D9BAF1F5D62B}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=6 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | "UDP Query User{76155ABD-C9A3-4099-A92F-74232E61C9A3}C:\users\lukas\appdata\roaming\peyt\yvmea.exe" = protocol=17 | dir=in | app=c:\users\lukas\appdata\roaming\peyt\yvmea.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}" = ATI Catalyst Install Manager "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{56D8EE9D-5411-4DEE-6CFB-C720A07FDCAB}" = ccc-utility64 "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5850E3A0-1096-5C2D-C296-D9C2B00E8855}" = AMD Fuel "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARDR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARDR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.STANDARDR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-1000-0000000FF1CE}_Office14.STANDARDR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARDR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010 "{90140000-0043-0409-1000-0000000FF1CE}_Office14.STANDARDR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.STANDARDR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-1000-0000000FF1CE}_Office14.STANDARDR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010 "{91140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARDR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE24C28A-6BE1-5138-7CC7-854E9EB3757C}" = WMV9/VC-1 Video Playback "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.STANDARDR" = Microsoft Office Standard 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{0959BCF5-05D5-9F2B-0965-1A27A533C492}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1292DD8E-474E-7D7C-5FF9-B4A7639D435A}" = CCC Help Czech "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2D234FAE-7FE2-5002-2B63-8CDEA2BD0B60}" = CCC Help Hungarian "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35168310-7EE6-AD4E-84F3-73960642561C}" = Catalyst Control Center Localization All "{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy "{366234D5-16FC-9EA2-5881-08B8CC44D36D}" = CCC Help Greek "{37AAE8BF-DC98-1937-CDE9-9CE61833A252}" = CCC Help Japanese "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3A915C0E-0168-0E43-B5A4-949136DF0C33}" = Catalyst Control Center Profiles Mobile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{45CBA375-6ECC-EA3C-5EC3-E06A16DFD9A8}" = CCC Help Thai "{477878A3-24BC-98D5-B447-417E4FF30218}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4EF87BA4-A1C8-818D-81B4-A211B8D817C7}" = CCC Help Portuguese "{508457D2-6156-EE57-2F7D-8DCB90B2BCF2}" = CCC Help Russian "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52D36E31-AE4A-8E99-8B6B-F04A306AC4E7}" = CCC Help Chinese Standard "{54D986DF-0B7F-244D-9A36-A52CF36D8633}" = CCC Help Norwegian "{5A4D2D53-D233-4FAE-FB7D-9101B46C9F53}" = CCC Help Italian "{5A8EBCAE-71F2-F101-E86E-8E128A47401C}" = CCC Help French "{5D43581B-77CC-CA01-5D4F-34215870EBE8}" = CCC Help Swedish "{624B8C52-419F-48BF-704F-0DE2BEC1E323}" = Catalyst Control Center InstallProxy "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FDDD338-24AD-E75E-E0A7-82CDAE803378}" = CCC Help Danish "{823FB107-94F5-405C-8B3D-6F6E66C3A310}" = Catalyst Control Center - Branding "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{903E5724-3250-163F-017F-33030AAEA16B}" = CCC Help Spanish "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C0E3DA8-408A-39D3-855D-3440E38F3D83}" = ccc-core-static "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9E9AED59-2E4B-C3BB-D036-9392A3898E20}" = CCC Help English "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CABA6C97-8680-D8C4-7DAA-A8D1CC230370}" = Catalyst Control Center Graphics Previews Common "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB9AA311-9119-5466-BE82-6CD37304FE42}" = CCC Help Dutch "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E15555E9-386B-B748-7C94-4F2591ADCB63}" = CCC Help Chinese Traditional "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5FCABF0-E2AF-6A70-3971-67C8B1310480}" = CCC Help Finnish "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FEE720F0-7A20-A61E-D56B-90DB02655B78}" = CCC Help German "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Free Antivirus "Fliqlo" = Fliqlo Bildschirmschoner "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "Simfy" = simfy "WinLiveSuite" = Windows Live Essentials < End of report > |
Themen zu TR/Spy.ZBot.mhlv.2 bei AVIRA gefunden |
appdata, avira, datei, folge, folgende, folgenden, gefunde, immer wieder, local, rechner, rojaner gefunden, taucht, temp, tmp, tr/spy.zbot.mhlv.2, troja, trojan.agent.acr, trojaner, trojaner gefunden, users, verweigert, worm/luder.bjmz.1, worm/luder.blat, zugriff |