| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL}Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.11.2012, 19:53
| #1 |
 |  http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Beim öffnen mancher seiten öffnet sich dieses fenster durch googel bin auf euch gestossen und habe schon mal Anti-Malware ausgeführt das kam dabei raus (bitte um hilfe): Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Erik-Black :: ERIK-BLACK-PC [Administrator] 06.11.2012 16:26:29 mbam-log-2012-11-06 (16-26-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 375305 Laufzeit: 1 Stunde(n), 7 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 20 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 24 C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Erik-Black\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ich habe ein vergleichbares thema gefunden aber ich weiss nicht ob ich das genauso ausführen soll !? |
|
07.11.2012, 14:32
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
 Finger weg von Softonic!!  Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller oder von Filepony aber nicht von solchen Toolbarklitschen wie Softonic! Gibt es noch weitere Logs von Malwarebytes? Bitte lesen => http://www.trojaner-board.de/125889-...tml#post941520
__________________ |
|
07.11.2012, 16:21
| #3 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Tatsächlich kann es von Softonic sein aber das ist schon sau lange her und die seiten öffnen sich erst seit kurzen.
__________________Ich habe alles gepostet was drinnen stand mehr war da nicht bzw war es der erste und einzige versuch des auslesen. Ich danke auf jedenfall erstmal für deine hilfsbereitschaft  |
|
07.11.2012, 16:53
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.11.2012, 17:27
| #5 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} So beide schritte gemacht bei TDSS-Killer kam etwas das ich dann geskipt habe 1.aswMBR Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-07 17:10:36
-----------------------------
17:10:36.066 OS Version: Windows x64 6.1.7601 Service Pack 1
17:10:36.066 Number of processors: 4 586 0x2505
17:10:36.066 ComputerName: ERIK-BLACK-PC UserName: Erik-Black
17:10:37.376 Initialize success
17:14:16.231 AVAST engine defs: 12110700
17:16:45.267 The log file has been saved successfully to "C:\Users\Erik-Black\Documents\aswMBR.txt"
Code:
ATTFilter 17:20:33.0214 4472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:20:33.0292 4472 ============================================================
17:20:33.0292 4472 Current date / time: 2012/11/07 17:20:33.0292
17:20:33.0292 4472 SystemInfo:
17:20:33.0292 4472
17:20:33.0292 4472 OS Version: 6.1.7601 ServicePack: 1.0
17:20:33.0292 4472 Product type: Workstation
17:20:33.0292 4472 ComputerName: ERIK-BLACK-PC
17:20:33.0292 4472 UserName: Erik-Black
17:20:33.0292 4472 Windows directory: C:\Windows
17:20:33.0292 4472 System windows directory: C:\Windows
17:20:33.0292 4472 Running under WOW64
17:20:33.0292 4472 Processor architecture: Intel x64
17:20:33.0292 4472 Number of processors: 4
17:20:33.0292 4472 Page size: 0x1000
17:20:33.0292 4472 Boot type: Normal boot
17:20:33.0292 4472 ============================================================
17:20:33.0729 4472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:33.0729 4472 ============================================================
17:20:33.0729 4472 \Device\Harddisk0\DR0:
17:20:33.0729 4472 MBR partitions:
17:20:33.0729 4472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2500800, BlocksNum 0x32000
17:20:33.0745 4472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2533000, BlocksNum 0x37E52800
17:20:33.0745 4472 ============================================================
17:20:33.0760 4472 C: <-> \Device\Harddisk0\DR0\Partition2
17:20:33.0760 4472 ============================================================
17:20:33.0760 4472 Initialize success
17:20:33.0760 4472 ============================================================
17:21:12.0667 5300 ============================================================
17:21:12.0667 5300 Scan started
17:21:12.0667 5300 Mode: Manual; SigCheck; TDLFS;
17:21:12.0667 5300 ============================================================
17:21:12.0870 5300 ================ Scan system memory ========================
17:21:12.0870 5300 System memory - ok
17:21:12.0870 5300 ================ Scan services =============================
17:21:13.0041 5300 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:21:13.0119 5300 1394ohci - ok
17:21:13.0182 5300 [ DB2790561B17BCE03312DC1D548DFD1B ] a8djavs C:\Windows\system32\Drivers\a8djavs.sys
17:21:13.0213 5300 a8djavs - ok
17:21:13.0244 5300 [ 3AFB287A4ECC58AF959F5A213E46013F ] a8djusb_svc C:\Windows\system32\Drivers\a8djusb.sys
17:21:13.0244 5300 a8djusb_svc - ok
17:21:13.0306 5300 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:21:13.0322 5300 ACPI - ok
17:21:13.0369 5300 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:21:13.0447 5300 AcpiPmi - ok
17:21:13.0572 5300 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:21:13.0587 5300 AdobeARMservice - ok
17:21:13.0712 5300 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:21:13.0728 5300 AdobeFlashPlayerUpdateSvc - ok
17:21:13.0790 5300 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:21:13.0806 5300 adp94xx - ok
17:21:13.0837 5300 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:21:13.0852 5300 adpahci - ok
17:21:13.0884 5300 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:21:13.0899 5300 adpu320 - ok
17:21:13.0915 5300 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:21:14.0086 5300 AeLookupSvc - ok
17:21:14.0164 5300 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:21:14.0211 5300 AFD - ok
17:21:14.0258 5300 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:21:14.0274 5300 agp440 - ok
17:21:14.0305 5300 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:21:14.0352 5300 ALG - ok
17:21:14.0398 5300 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:21:14.0414 5300 aliide - ok
17:21:14.0445 5300 [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:21:14.0539 5300 AMD External Events Utility - ok
17:21:14.0617 5300 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:21:14.0632 5300 amdide - ok
17:21:14.0679 5300 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:21:14.0742 5300 AmdK8 - ok
17:21:14.0898 5300 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:21:15.0116 5300 amdkmdag - ok
17:21:15.0132 5300 [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:21:15.0163 5300 amdkmdap - ok
17:21:15.0194 5300 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:21:15.0225 5300 AmdPPM - ok
17:21:15.0288 5300 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:21:15.0303 5300 amdsata - ok
17:21:15.0319 5300 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:21:15.0334 5300 amdsbs - ok
17:21:15.0350 5300 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:21:15.0366 5300 amdxata - ok
17:21:15.0444 5300 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:21:15.0475 5300 AntiVirSchedulerService - ok
17:21:15.0506 5300 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:21:15.0522 5300 AntiVirService - ok
17:21:15.0569 5300 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:21:15.0834 5300 AppID - ok
17:21:15.0896 5300 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:21:15.0959 5300 AppIDSvc - ok
17:21:16.0021 5300 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:21:16.0068 5300 Appinfo - ok
17:21:16.0099 5300 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:21:16.0099 5300 arc - ok
17:21:16.0115 5300 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:21:16.0130 5300 arcsas - ok
17:21:16.0161 5300 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:21:16.0224 5300 AsyncMac - ok
17:21:16.0271 5300 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:21:16.0286 5300 atapi - ok
17:21:16.0380 5300 [ E642491F64E58CD5BC8FB8B347DCF65F ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:21:16.0442 5300 athr - ok
17:21:16.0598 5300 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:21:16.0676 5300 atikmdag - ok
17:21:16.0739 5300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:21:16.0817 5300 AudioEndpointBuilder - ok
17:21:16.0832 5300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:21:16.0879 5300 AudioSrv - ok
17:21:16.0910 5300 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:21:16.0926 5300 avgntflt - ok
17:21:16.0957 5300 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:21:16.0957 5300 avipbb - ok
17:21:17.0019 5300 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:21:17.0097 5300 AxInstSV - ok
17:21:17.0144 5300 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:21:17.0191 5300 b06bdrv - ok
17:21:17.0238 5300 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:21:17.0285 5300 b57nd60a - ok
17:21:17.0394 5300 [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:21:17.0534 5300 BCM43XX - ok
17:21:17.0565 5300 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:21:17.0597 5300 BDESVC - ok
17:21:17.0628 5300 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:21:17.0690 5300 Beep - ok
17:21:17.0753 5300 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:21:17.0815 5300 BFE - ok
17:21:17.0846 5300 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:21:17.0893 5300 BITS - ok
17:21:17.0924 5300 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:21:17.0955 5300 blbdrive - ok
17:21:18.0002 5300 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:21:18.0049 5300 bowser - ok
17:21:18.0080 5300 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:21:18.0189 5300 BrFiltLo - ok
17:21:18.0221 5300 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:21:18.0236 5300 BrFiltUp - ok
17:21:18.0299 5300 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:21:18.0345 5300 Browser - ok
17:21:18.0377 5300 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:21:18.0439 5300 Brserid - ok
17:21:18.0455 5300 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:21:18.0486 5300 BrSerWdm - ok
17:21:18.0517 5300 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:21:18.0548 5300 BrUsbMdm - ok
17:21:18.0579 5300 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:21:18.0611 5300 BrUsbSer - ok
17:21:18.0611 5300 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:21:18.0642 5300 BTHMODEM - ok
17:21:18.0689 5300 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:21:18.0720 5300 bthserv - ok
17:21:18.0782 5300 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:21:18.0829 5300 cdfs - ok
17:21:18.0891 5300 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:21:18.0938 5300 cdrom - ok
17:21:18.0985 5300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:21:19.0047 5300 CertPropSvc - ok
17:21:19.0094 5300 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:21:19.0125 5300 circlass - ok
17:21:19.0172 5300 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:21:19.0188 5300 CLFS - ok
17:21:19.0250 5300 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:21:19.0266 5300 clr_optimization_v2.0.50727_32 - ok
17:21:19.0297 5300 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:21:19.0313 5300 clr_optimization_v2.0.50727_64 - ok
17:21:19.0406 5300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:21:19.0422 5300 clr_optimization_v4.0.30319_32 - ok
17:21:19.0469 5300 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:21:19.0484 5300 clr_optimization_v4.0.30319_64 - ok
17:21:19.0515 5300 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:21:19.0531 5300 CmBatt - ok
17:21:19.0562 5300 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:21:19.0578 5300 cmdide - ok
17:21:19.0640 5300 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:21:19.0671 5300 CNG - ok
17:21:19.0703 5300 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:21:19.0718 5300 Compbatt - ok
17:21:19.0765 5300 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:21:19.0812 5300 CompositeBus - ok
17:21:19.0827 5300 COMSysApp - ok
17:21:19.0843 5300 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:21:19.0859 5300 crcdisk - ok
17:21:19.0905 5300 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:21:19.0952 5300 CryptSvc - ok
17:21:20.0046 5300 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:21:20.0061 5300 cvhsvc - ok
17:21:20.0124 5300 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
17:21:20.0139 5300 dc3d - ok
17:21:20.0202 5300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:21:20.0249 5300 DcomLaunch - ok
17:21:20.0295 5300 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:21:20.0358 5300 defragsvc - ok
17:21:20.0420 5300 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:21:20.0467 5300 DfsC - ok
17:21:20.0529 5300 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:21:20.0576 5300 Dhcp - ok
17:21:20.0623 5300 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:21:20.0654 5300 discache - ok
17:21:20.0685 5300 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:21:20.0701 5300 Disk - ok
17:21:20.0763 5300 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys
17:21:20.0779 5300 DKbFltr - ok
17:21:20.0810 5300 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:21:20.0873 5300 Dnscache - ok
17:21:20.0919 5300 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:21:20.0966 5300 dot3svc - ok
17:21:21.0013 5300 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:21:21.0060 5300 DPS - ok
17:21:21.0091 5300 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:21:21.0122 5300 drmkaud - ok
17:21:21.0169 5300 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:21:21.0200 5300 DXGKrnl - ok
17:21:21.0231 5300 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:21:21.0278 5300 EapHost - ok
17:21:21.0372 5300 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:21:21.0465 5300 ebdrv - ok
17:21:21.0512 5300 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:21:21.0575 5300 EFS - ok
17:21:21.0653 5300 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:21:21.0715 5300 ehRecvr - ok
17:21:21.0731 5300 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:21:21.0762 5300 ehSched - ok
17:21:21.0809 5300 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:21:21.0840 5300 elxstor - ok
17:21:21.0871 5300 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
17:21:21.0902 5300 enecir - ok
17:21:21.0918 5300 [ E17EB95358F396E27D573A1B20F891F8 ] enecirhid C:\Windows\system32\DRIVERS\enecirhid.sys
17:21:21.0949 5300 enecirhid - ok
17:21:21.0980 5300 [ 8492D808C79BD6FE439F77BE84956CDF ] enecirhidma C:\Windows\system32\DRIVERS\enecirhidma.sys
17:21:21.0996 5300 enecirhidma - ok
17:21:22.0058 5300 [ C97DF8DBB45B2FF2B36317A6380CD177 ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
17:21:22.0074 5300 ePowerSvc - ok
17:21:22.0089 5300 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:21:22.0105 5300 ErrDev - ok
17:21:22.0152 5300 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:21:22.0199 5300 EventSystem - ok
17:21:22.0230 5300 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:21:22.0277 5300 exfat - ok
17:21:22.0277 5300 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:21:22.0323 5300 fastfat - ok
17:21:22.0386 5300 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:21:22.0448 5300 Fax - ok
17:21:22.0479 5300 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:21:22.0495 5300 fdc - ok
17:21:22.0526 5300 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:21:22.0573 5300 fdPHost - ok
17:21:22.0589 5300 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:21:22.0635 5300 FDResPub - ok
17:21:22.0651 5300 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:21:22.0667 5300 FileInfo - ok
17:21:22.0682 5300 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:21:22.0760 5300 Filetrace - ok
17:21:22.0776 5300 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:21:22.0791 5300 flpydisk - ok
17:21:22.0838 5300 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:21:22.0854 5300 FltMgr - ok
17:21:22.0916 5300 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:21:22.0994 5300 FontCache - ok
17:21:23.0057 5300 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:21:23.0057 5300 FontCache3.0.0.0 - ok
17:21:23.0088 5300 [ 305380D5D33BFDEAAF14D73E969239FC ] FPSensor C:\Windows\system32\Drivers\FPSensor.sys
17:21:23.0103 5300 FPSensor - ok
17:21:23.0135 5300 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:21:23.0150 5300 FsDepends - ok
17:21:23.0197 5300 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:21:23.0197 5300 Fs_Rec - ok
17:21:23.0259 5300 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:21:23.0275 5300 fvevol - ok
17:21:23.0291 5300 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:21:23.0306 5300 gagp30kx - ok
17:21:23.0369 5300 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:21:23.0447 5300 gpsvc - ok
17:21:23.0509 5300 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
17:21:23.0525 5300 GREGService - ok
17:21:23.0540 5300 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:21:23.0571 5300 hcw85cir - ok
17:21:23.0634 5300 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:21:23.0649 5300 HdAudAddService - ok
17:21:23.0696 5300 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:21:23.0727 5300 HDAudBus - ok
17:21:23.0774 5300 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:21:23.0774 5300 HECIx64 - ok
17:21:23.0805 5300 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:21:23.0837 5300 HidBatt - ok
17:21:23.0852 5300 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:21:23.0883 5300 HidBth - ok
17:21:23.0915 5300 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:21:23.0946 5300 HidIr - ok
17:21:23.0977 5300 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:21:24.0039 5300 hidserv - ok
17:21:24.0086 5300 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:21:24.0102 5300 HidUsb - ok
17:21:24.0149 5300 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:21:24.0195 5300 hkmsvc - ok
17:21:24.0227 5300 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:21:24.0273 5300 HomeGroupListener - ok
17:21:24.0320 5300 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:21:24.0351 5300 HomeGroupProvider - ok
17:21:24.0398 5300 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:21:24.0414 5300 HpSAMD - ok
17:21:24.0476 5300 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:21:24.0539 5300 HTTP - ok
17:21:24.0585 5300 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:21:24.0585 5300 hwpolicy - ok
17:21:24.0648 5300 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:21:24.0663 5300 i8042prt - ok
17:21:24.0710 5300 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:21:24.0726 5300 IAANTMON - ok
17:21:24.0741 5300 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:21:24.0757 5300 iaStor - ok
17:21:24.0819 5300 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:21:24.0835 5300 iaStorV - ok
17:21:24.0897 5300 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:21:24.0913 5300 idsvc - ok
17:21:25.0038 5300 [ 607013AF90E9107664F7204613DB5631 ] IGBASVC C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
17:21:25.0147 5300 IGBASVC ( UnsignedFile.Multi.Generic ) - warning
17:21:25.0147 5300 IGBASVC - detected UnsignedFile.Multi.Generic (1)
17:21:25.0178 5300 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:21:25.0194 5300 iirsp - ok
17:21:25.0241 5300 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:21:25.0303 5300 IKEEXT - ok
17:21:25.0381 5300 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
17:21:25.0428 5300 Impcd - ok
17:21:25.0521 5300 [ FEADC18677A85A123E95A9B976101120 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:21:25.0599 5300 IntcAzAudAddService - ok
17:21:25.0615 5300 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:21:25.0631 5300 intelide - ok
17:21:25.0662 5300 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:21:25.0693 5300 intelppm - ok
17:21:25.0709 5300 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:21:25.0771 5300 IPBusEnum - ok
17:21:25.0818 5300 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:21:25.0865 5300 IpFilterDriver - ok
17:21:25.0943 5300 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:21:26.0005 5300 iphlpsvc - ok
17:21:26.0036 5300 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:21:26.0052 5300 IPMIDRV - ok
17:21:26.0083 5300 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:21:26.0130 5300 IPNAT - ok
17:21:26.0145 5300 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:21:26.0208 5300 IRENUM - ok
17:21:26.0239 5300 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:21:26.0255 5300 isapnp - ok
17:21:26.0301 5300 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:21:26.0301 5300 iScsiPrt - ok
17:21:26.0348 5300 [ 5BD76F820656AEAA2DCE66EED8DA84B9 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:21:26.0364 5300 JMCR - ok
17:21:26.0395 5300 [ E662CB468A1CFF3A57E120A212FADD57 ] johci C:\Windows\system32\DRIVERS\johci.sys
17:21:26.0426 5300 johci - ok
17:21:26.0473 5300 [ 08DD34F74D65E1C8F238565570952630 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
17:21:26.0489 5300 k57nd60a - ok
17:21:26.0489 5300 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:21:26.0504 5300 kbdclass - ok
17:21:26.0567 5300 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:21:26.0598 5300 kbdhid - ok
17:21:26.0629 5300 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:21:26.0645 5300 KeyIso - ok
17:21:26.0676 5300 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:21:26.0691 5300 KSecDD - ok
17:21:26.0723 5300 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:21:26.0738 5300 KSecPkg - ok
17:21:26.0769 5300 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:21:26.0816 5300 ksthunk - ok
17:21:26.0847 5300 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:21:26.0910 5300 KtmRm - ok
17:21:26.0972 5300 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:21:27.0019 5300 LanmanServer - ok
17:21:27.0066 5300 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:21:27.0128 5300 LanmanWorkstation - ok
17:21:27.0159 5300 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:21:27.0222 5300 lltdio - ok
17:21:27.0253 5300 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:21:27.0300 5300 lltdsvc - ok
17:21:27.0315 5300 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:21:27.0362 5300 lmhosts - ok
17:21:27.0425 5300 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:21:27.0440 5300 LMS - ok
17:21:27.0487 5300 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:21:27.0487 5300 LSI_FC - ok
17:21:27.0503 5300 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:21:27.0518 5300 LSI_SAS - ok
17:21:27.0534 5300 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:21:27.0549 5300 LSI_SAS2 - ok
17:21:27.0549 5300 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:21:27.0565 5300 LSI_SCSI - ok
17:21:27.0581 5300 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:21:27.0627 5300 luafv - ok
17:21:27.0721 5300 [ E9D110AF4EDD56EEA8DD3144029739E3 ] lxduCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe
17:21:27.0737 5300 lxduCATSCustConnectService - ok
17:21:27.0737 5300 lxdu_device - ok
17:21:27.0783 5300 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:21:27.0799 5300 Mcx2Svc - ok
17:21:27.0830 5300 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:21:27.0830 5300 megasas - ok
17:21:27.0846 5300 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:21:27.0861 5300 MegaSR - ok
17:21:27.0893 5300 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:21:27.0955 5300 MMCSS - ok
17:21:27.0986 5300 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:21:28.0017 5300 Modem - ok
17:21:28.0064 5300 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:21:28.0080 5300 monitor - ok
17:21:28.0142 5300 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:21:28.0158 5300 mouclass - ok
17:21:28.0173 5300 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:21:28.0205 5300 mouhid - ok
17:21:28.0251 5300 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:21:28.0267 5300 mountmgr - ok
17:21:28.0345 5300 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:21:28.0361 5300 MozillaMaintenance - ok
17:21:28.0376 5300 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:21:28.0392 5300 mpio - ok
17:21:28.0423 5300 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:21:28.0470 5300 mpsdrv - ok
17:21:28.0532 5300 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:21:28.0610 5300 MpsSvc - ok
17:21:28.0673 5300 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:21:28.0704 5300 MRxDAV - ok
17:21:28.0751 5300 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:21:28.0813 5300 mrxsmb - ok
17:21:28.0844 5300 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:21:28.0875 5300 mrxsmb10 - ok
17:21:28.0891 5300 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:21:28.0907 5300 mrxsmb20 - ok
17:21:28.0953 5300 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:21:28.0953 5300 msahci - ok
17:21:29.0000 5300 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:21:29.0000 5300 msdsm - ok
17:21:29.0016 5300 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:21:29.0047 5300 MSDTC - ok
17:21:29.0078 5300 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:21:29.0125 5300 Msfs - ok
17:21:29.0125 5300 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:21:29.0172 5300 mshidkmdf - ok
17:21:29.0203 5300 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:21:29.0219 5300 msisadrv - ok
17:21:29.0250 5300 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:21:29.0297 5300 MSiSCSI - ok
17:21:29.0312 5300 msiserver - ok
17:21:29.0343 5300 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:21:29.0375 5300 MSKSSRV - ok
17:21:29.0390 5300 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:21:29.0437 5300 MSPCLOCK - ok
17:21:29.0453 5300 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:21:29.0499 5300 MSPQM - ok
17:21:29.0531 5300 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:21:29.0546 5300 MsRPC - ok
17:21:29.0593 5300 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:21:29.0609 5300 mssmbios - ok
17:21:29.0624 5300 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:21:29.0687 5300 MSTEE - ok
17:21:29.0687 5300 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:21:29.0718 5300 MTConfig - ok
17:21:29.0749 5300 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:21:29.0749 5300 Mup - ok
17:21:29.0796 5300 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
17:21:29.0796 5300 mwlPSDFilter - ok
17:21:29.0811 5300 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
17:21:29.0827 5300 mwlPSDNServ - ok
17:21:29.0843 5300 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
17:21:29.0843 5300 mwlPSDVDisk - ok
17:21:29.0905 5300 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
17:21:29.0921 5300 MWLService - ok
17:21:29.0967 5300 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:21:30.0014 5300 napagent - ok
17:21:30.0061 5300 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:21:30.0077 5300 NativeWifiP - ok
17:21:30.0155 5300 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:21:30.0186 5300 NDIS - ok
17:21:30.0201 5300 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:21:30.0248 5300 NdisCap - ok
17:21:30.0295 5300 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:21:30.0326 5300 NdisTapi - ok
17:21:30.0389 5300 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:21:30.0420 5300 Ndisuio - ok
17:21:30.0467 5300 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:21:30.0513 5300 NdisWan - ok
17:21:30.0560 5300 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:21:30.0607 5300 NDProxy - ok
17:21:30.0654 5300 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:21:30.0701 5300 NetBIOS - ok
17:21:30.0732 5300 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:21:30.0779 5300 NetBT - ok
17:21:30.0810 5300 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:21:30.0825 5300 Netlogon - ok
17:21:30.0857 5300 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:21:30.0919 5300 Netman - ok
17:21:30.0935 5300 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:21:30.0981 5300 netprofm - ok
17:21:31.0013 5300 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:21:31.0028 5300 NetTcpPortSharing - ok
17:21:31.0044 5300 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:21:31.0059 5300 nfrd960 - ok
17:21:31.0106 5300 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:21:31.0153 5300 NlaSvc - ok
17:21:31.0247 5300 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
17:21:31.0340 5300 NOBU - ok
17:21:31.0356 5300 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:21:31.0403 5300 Npfs - ok
17:21:31.0418 5300 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:21:31.0465 5300 nsi - ok
17:21:31.0481 5300 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:21:31.0527 5300 nsiproxy - ok
17:21:31.0605 5300 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:21:31.0652 5300 Ntfs - ok
17:21:31.0715 5300 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:21:31.0730 5300 NTI IScheduleSvc - ok
17:21:31.0761 5300 [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
17:21:31.0761 5300 NTIBackupSvc - ok
17:21:31.0793 5300 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
17:21:31.0808 5300 NTIDrvr - ok
17:21:31.0839 5300 [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
17:21:31.0839 5300 NTISchedulerSvc - ok
17:21:31.0886 5300 [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
17:21:31.0902 5300 NuidFltr - ok
17:21:31.0917 5300 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:21:31.0980 5300 Null - ok
17:21:32.0011 5300 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:21:32.0027 5300 nvraid - ok
17:21:32.0089 5300 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:21:32.0105 5300 nvstor - ok
17:21:32.0151 5300 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:21:32.0167 5300 nv_agp - ok
17:21:32.0214 5300 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:21:32.0229 5300 ohci1394 - ok
17:21:32.0292 5300 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:21:32.0307 5300 ose - ok
17:21:32.0448 5300 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:21:32.0619 5300 osppsvc - ok
17:21:32.0651 5300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:21:32.0697 5300 p2pimsvc - ok
17:21:32.0729 5300 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:21:32.0744 5300 p2psvc - ok
17:21:32.0775 5300 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:21:32.0791 5300 Parport - ok
17:21:32.0822 5300 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:21:32.0838 5300 partmgr - ok
17:21:32.0838 5300 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:21:32.0869 5300 PcaSvc - ok
17:21:32.0885 5300 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:21:32.0900 5300 pci - ok
17:21:32.0931 5300 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:21:32.0931 5300 pciide - ok
17:21:32.0963 5300 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:21:32.0978 5300 pcmcia - ok
17:21:32.0994 5300 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:21:33.0009 5300 pcw - ok
17:21:33.0041 5300 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:21:33.0072 5300 PEAUTH - ok
17:21:33.0181 5300 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:21:33.0212 5300 PerfHost - ok
17:21:33.0259 5300 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:21:33.0353 5300 pla - ok
17:21:33.0431 5300 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:21:33.0462 5300 PlugPlay - ok
17:21:33.0477 5300 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:21:33.0509 5300 PNRPAutoReg - ok
17:21:33.0540 5300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:21:33.0555 5300 PNRPsvc - ok
17:21:33.0571 5300 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
17:21:33.0587 5300 Point64 - ok
17:21:33.0633 5300 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:21:33.0696 5300 PolicyAgent - ok
17:21:33.0711 5300 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:21:33.0774 5300 Power - ok
17:21:33.0821 5300 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:21:33.0867 5300 PptpMiniport - ok
17:21:33.0899 5300 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:21:33.0914 5300 Processor - ok
17:21:33.0945 5300 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:21:33.0977 5300 ProfSvc - ok
17:21:33.0992 5300 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:21:34.0008 5300 ProtectedStorage - ok
17:21:34.0055 5300 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:21:34.0086 5300 Psched - ok
17:21:34.0148 5300 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:21:34.0211 5300 ql2300 - ok
17:21:34.0242 5300 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:21:34.0257 5300 ql40xx - ok
17:21:34.0273 5300 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:21:34.0304 5300 QWAVE - ok
17:21:34.0320 5300 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:21:34.0367 5300 QWAVEdrv - ok
17:21:34.0398 5300 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:21:34.0445 5300 RasAcd - ok
17:21:34.0491 5300 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:21:34.0538 5300 RasAgileVpn - ok
17:21:34.0554 5300 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:21:34.0601 5300 RasAuto - ok
17:21:34.0632 5300 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:21:34.0679 5300 Rasl2tp - ok
17:21:34.0725 5300 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:21:34.0772 5300 RasMan - ok
17:21:34.0788 5300 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:21:34.0850 5300 RasPppoe - ok
17:21:34.0866 5300 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:21:34.0913 5300 RasSstp - ok
17:21:34.0959 5300 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:21:35.0022 5300 rdbss - ok
17:21:35.0053 5300 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:21:35.0069 5300 rdpbus - ok
17:21:35.0115 5300 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:21:35.0162 5300 RDPCDD - ok
17:21:35.0178 5300 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:21:35.0225 5300 RDPENCDD - ok
17:21:35.0240 5300 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:21:35.0287 5300 RDPREFMP - ok
17:21:35.0334 5300 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:21:35.0381 5300 RDPWD - ok
17:21:35.0412 5300 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:21:35.0427 5300 rdyboost - ok
17:21:35.0443 5300 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:21:35.0505 5300 RemoteAccess - ok
17:21:35.0521 5300 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:21:35.0568 5300 RemoteRegistry - ok
17:21:35.0583 5300 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:21:35.0646 5300 RpcEptMapper - ok
17:21:35.0677 5300 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:21:35.0708 5300 RpcLocator - ok
17:21:35.0739 5300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:21:35.0771 5300 RpcSs - ok
17:21:35.0802 5300 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:21:35.0864 5300 rspndr - ok
17:21:35.0911 5300 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
17:21:35.0927 5300 RS_Service - ok
17:21:35.0958 5300 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
17:21:35.0973 5300 RTHDMIAzAudService - ok
17:21:35.0989 5300 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:21:35.0989 5300 SamSs - ok
17:21:36.0036 5300 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:21:36.0051 5300 sbp2port - ok
17:21:36.0083 5300 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:21:36.0129 5300 SCardSvr - ok
17:21:36.0161 5300 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:21:36.0207 5300 scfilter - ok
17:21:36.0270 5300 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:21:36.0332 5300 Schedule - ok
17:21:36.0363 5300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:21:36.0395 5300 SCPolicySvc - ok
17:21:36.0441 5300 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
17:21:36.0473 5300 sdbus - ok
17:21:36.0504 5300 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:21:36.0535 5300 SDRSVC - ok
17:21:36.0566 5300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:21:36.0613 5300 secdrv - ok
17:21:36.0660 5300 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:21:36.0707 5300 seclogon - ok
17:21:36.0738 5300 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:21:36.0769 5300 SENS - ok
17:21:36.0785 5300 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:21:36.0831 5300 SensrSvc - ok
17:21:36.0831 5300 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:21:36.0847 5300 Serenum - ok
17:21:36.0894 5300 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:21:36.0909 5300 Serial - ok
17:21:36.0909 5300 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:21:36.0925 5300 sermouse - ok
17:21:36.0987 5300 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:21:37.0019 5300 SessionEnv - ok
17:21:37.0065 5300 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:21:37.0097 5300 sffdisk - ok
17:21:37.0112 5300 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:21:37.0128 5300 sffp_mmc - ok
17:21:37.0159 5300 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:21:37.0175 5300 sffp_sd - ok
17:21:37.0206 5300 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:21:37.0237 5300 sfloppy - ok
17:21:37.0284 5300 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:21:37.0299 5300 Sftfs - ok
17:21:37.0362 5300 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:21:37.0377 5300 sftlist - ok
17:21:37.0409 5300 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:21:37.0409 5300 Sftplay - ok
17:21:37.0424 5300 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:21:37.0440 5300 Sftredir - ok
17:21:37.0440 5300 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:21:37.0455 5300 Sftvol - ok
17:21:37.0471 5300 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:21:37.0487 5300 sftvsa - ok
17:21:37.0518 5300 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:21:37.0565 5300 SharedAccess - ok
17:21:37.0611 5300 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:21:37.0658 5300 ShellHWDetection - ok
17:21:37.0689 5300 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:21:37.0705 5300 SiSRaid2 - ok
17:21:37.0721 5300 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:21:37.0721 5300 SiSRaid4 - ok
17:21:37.0752 5300 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:21:37.0783 5300 Smb - ok
17:21:37.0814 5300 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:21:37.0845 5300 SNMPTRAP - ok
17:21:37.0861 5300 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:21:37.0861 5300 spldr - ok
17:21:37.0908 5300 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:21:37.0939 5300 Spooler - ok
17:21:38.0033 5300 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:21:38.0189 5300 sppsvc - ok
17:21:38.0220 5300 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:21:38.0282 5300 sppuinotify - ok
17:21:38.0313 5300 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:21:38.0360 5300 srv - ok
17:21:38.0391 5300 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:21:38.0407 5300 srv2 - ok
17:21:38.0438 5300 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:21:38.0454 5300 srvnet - ok
17:21:38.0485 5300 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:21:38.0547 5300 SSDPSRV - ok
17:21:38.0563 5300 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:21:38.0594 5300 SstpSvc - ok
17:21:38.0625 5300 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:21:38.0625 5300 stexstor - ok
17:21:38.0688 5300 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:21:38.0719 5300 stisvc - ok
17:21:38.0766 5300 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:21:38.0766 5300 swenum - ok
17:21:38.0797 5300 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:21:38.0859 5300 swprv - ok
17:21:38.0906 5300 [ 5AEEC2BB8065B563ADBC88CA22588953 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:21:38.0922 5300 SynTP - ok
17:21:38.0984 5300 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:21:39.0047 5300 SysMain - ok
17:21:39.0093 5300 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:21:39.0109 5300 TabletInputService - ok
17:21:39.0156 5300 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:21:39.0203 5300 TapiSrv - ok
17:21:39.0234 5300 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:21:39.0281 5300 TBS - ok
17:21:39.0374 5300 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:21:39.0437 5300 Tcpip - ok
17:21:39.0499 5300 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:21:39.0530 5300 TCPIP6 - ok
17:21:39.0577 5300 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:21:39.0639 5300 tcpipreg - ok
17:21:39.0671 5300 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:21:39.0702 5300 TDPIPE - ok
17:21:39.0733 5300 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:21:39.0749 5300 TDTCP - ok
17:21:39.0795 5300 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:21:39.0842 5300 tdx - ok
17:21:39.0905 5300 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:21:39.0905 5300 TermDD - ok
17:21:39.0951 5300 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:21:39.0998 5300 TermService - ok
17:21:40.0029 5300 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:21:40.0045 5300 Themes - ok
17:21:40.0076 5300 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:21:40.0107 5300 THREADORDER - ok
17:21:40.0123 5300 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:21:40.0170 5300 TrkWks - ok
17:21:40.0217 5300 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:21:40.0263 5300 TrustedInstaller - ok
17:21:40.0295 5300 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:40.0341 5300 tssecsrv - ok
17:21:40.0404 5300 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:21:40.0435 5300 TsUsbFlt - ok
17:21:40.0482 5300 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:21:40.0544 5300 tunnel - ok
17:21:40.0591 5300 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
17:21:40.0591 5300 TurboB - ok
17:21:40.0638 5300 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:21:40.0638 5300 TurboBoost - ok
17:21:40.0669 5300 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:21:40.0685 5300 uagp35 - ok
17:21:40.0685 5300 [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
17:21:40.0700 5300 UBHelper - ok
17:21:40.0731 5300 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:21:40.0778 5300 udfs - ok
17:21:40.0809 5300 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:21:40.0825 5300 UI0Detect - ok
17:21:40.0841 5300 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:21:40.0856 5300 uliagpkx - ok
17:21:40.0903 5300 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:21:40.0919 5300 umbus - ok
17:21:40.0965 5300 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:21:40.0981 5300 UmPass - ok
17:21:41.0106 5300 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:21:41.0168 5300 UNS - ok
17:21:41.0231 5300 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:21:41.0231 5300 Updater Service - ok
17:21:41.0262 5300 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:21:41.0309 5300 upnphost - ok
17:21:41.0355 5300 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:41.0402 5300 usbccgp - ok
17:21:41.0449 5300 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:21:41.0465 5300 usbcir - ok
17:21:41.0496 5300 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:21:41.0527 5300 usbehci - ok
17:21:41.0543 5300 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:21:41.0574 5300 usbhub - ok
17:21:41.0621 5300 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:21:41.0636 5300 usbohci - ok
17:21:41.0683 5300 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:21:41.0699 5300 usbprint - ok
17:21:41.0745 5300 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:21:41.0761 5300 usbscan - ok
17:21:41.0777 5300 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:41.0808 5300 USBSTOR - ok
17:21:41.0839 5300 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:21:41.0855 5300 usbuhci - ok
17:21:41.0886 5300 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:21:41.0917 5300 usbvideo - ok
17:21:41.0948 5300 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:21:41.0995 5300 UxSms - ok
17:21:42.0011 5300 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:21:42.0011 5300 VaultSvc - ok
17:21:42.0042 5300 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:21:42.0042 5300 vdrvroot - ok
17:21:42.0104 5300 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:21:42.0167 5300 vds - ok
17:21:42.0198 5300 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:42.0213 5300 vga - ok
17:21:42.0245 5300 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:21:42.0307 5300 VgaSave - ok
17:21:42.0354 5300 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:21:42.0369 5300 vhdmp - ok
17:21:42.0401 5300 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:21:42.0416 5300 viaide - ok
17:21:42.0463 5300 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:21:42.0479 5300 volmgr - ok
17:21:42.0510 5300 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:21:42.0525 5300 volmgrx - ok
17:21:42.0572 5300 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:21:42.0588 5300 volsnap - ok
17:21:42.0619 5300 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:21:42.0635 5300 vsmraid - ok
17:21:42.0697 5300 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:21:42.0791 5300 VSS - ok
17:21:42.0806 5300 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:42.0837 5300 vwifibus - ok
17:21:42.0884 5300 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:42.0900 5300 vwififlt - ok
17:21:42.0931 5300 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:21:42.0978 5300 W32Time - ok
17:21:42.0993 5300 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:21:43.0009 5300 WacomPen - ok
17:21:43.0071 5300 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:21:43.0118 5300 WANARP - ok
17:21:43.0118 5300 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:21:43.0149 5300 Wanarpv6 - ok
17:21:43.0212 5300 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:21:43.0305 5300 wbengine - ok
17:21:43.0337 5300 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:21:43.0352 5300 WbioSrvc - ok
17:21:43.0399 5300 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:21:43.0415 5300 wcncsvc - ok
17:21:43.0430 5300 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:21:43.0446 5300 WcsPlugInService - ok
17:21:43.0477 5300 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:21:43.0477 5300 Wd - ok
17:21:43.0524 5300 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:21:43.0539 5300 Wdf01000 - ok
17:21:43.0555 5300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:21:43.0649 5300 WdiServiceHost - ok
17:21:43.0664 5300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:21:43.0680 5300 WdiSystemHost - ok
17:21:43.0711 5300 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:21:43.0742 5300 WebClient - ok
17:21:43.0758 5300 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:21:43.0820 5300 Wecsvc - ok
17:21:43.0836 5300 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:21:43.0883 5300 wercplsupport - ok
17:21:43.0914 5300 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:21:43.0976 5300 WerSvc - ok
17:21:44.0023 5300 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:44.0054 5300 WfpLwf - ok
17:21:44.0070 5300 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:21:44.0085 5300 WIMMount - ok
17:21:44.0101 5300 WinDefend - ok
17:21:44.0117 5300 WinHttpAutoProxySvc - ok
17:21:44.0179 5300 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:21:44.0226 5300 Winmgmt - ok
17:21:44.0335 5300 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:21:44.0429 5300 WinRM - ok
17:21:44.0507 5300 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:21:44.0522 5300 Wlansvc - ok
17:21:44.0585 5300 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:21:44.0616 5300 WmiAcpi - ok
17:21:44.0631 5300 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:21:44.0663 5300 wmiApSrv - ok
17:21:44.0694 5300 WMPNetworkSvc - ok
17:21:44.0709 5300 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:21:44.0725 5300 WPCSvc - ok
17:21:44.0772 5300 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:21:44.0787 5300 WPDBusEnum - ok
17:21:44.0819 5300 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:21:44.0865 5300 ws2ifsl - ok
17:21:44.0881 5300 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:21:44.0912 5300 wscsvc - ok
17:21:44.0975 5300 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:21:45.0006 5300 WSDPrintDevice - ok
17:21:45.0006 5300 WSearch - ok
17:21:45.0084 5300 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:21:45.0193 5300 wuauserv - ok
17:21:45.0209 5300 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:21:45.0255 5300 WudfPf - ok
17:21:45.0333 5300 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:45.0380 5300 WUDFRd - ok
17:21:45.0427 5300 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:21:45.0458 5300 wudfsvc - ok
17:21:45.0489 5300 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:21:45.0536 5300 WwanSvc - ok
17:21:45.0552 5300 ================ Scan global ===============================
17:21:45.0567 5300 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:21:45.0614 5300 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:21:45.0630 5300 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:21:45.0692 5300 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:21:45.0723 5300 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:21:45.0723 5300 [Global] - ok
17:21:45.0723 5300 ================ Scan MBR ==================================
17:21:45.0739 5300 [ 9C51D3FD2697BD2AE931BE1D6F1E6FFA ] \Device\Harddisk0\DR0
17:21:46.0207 5300 \Device\Harddisk0\DR0 - ok
17:21:46.0207 5300 ================ Scan VBR ==================================
17:21:46.0223 5300 [ ECE6BC819F3CCAF3E20F4C3E35FFC213 ] \Device\Harddisk0\DR0\Partition1
17:21:46.0223 5300 \Device\Harddisk0\DR0\Partition1 - ok
17:21:46.0238 5300 [ 54CBBA5F579EECE3425AE7E92BBD0789 ] \Device\Harddisk0\DR0\Partition2
17:21:46.0238 5300 \Device\Harddisk0\DR0\Partition2 - ok
17:21:46.0238 5300 ============================================================
17:21:46.0238 5300 Scan finished
17:21:46.0238 5300 ============================================================
17:21:46.0238 1228 Detected object count: 1
17:21:46.0238 1228 Actual detected object count: 1
17:22:40.0074 1228 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:22:40.0074 1228 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von cosinus (07.11.2012 um 20:27 Uhr) |
|
07.11.2012, 20:26
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Wäre schön wenn du dich an meine anfangs erwähnten Hinweise auch noch gehalten hättest! Die Logs sollen in CODE-Tags!  Dieses mal korrigiere ich das noch Zudem ist das Log von aswMBR unvollständig bitte richtig erstellen und vollständig posten in CODE-Tags!
__________________ --> http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} |
|
07.11.2012, 21:44
| #7 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Sorry war nicht mit absicht Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-07 20:39:57
-----------------------------
20:39:57.195 OS Version: Windows x64 6.1.7601 Service Pack 1
20:39:57.195 Number of processors: 4 586 0x2505
20:39:57.210 ComputerName: ERIK-BLACK-PC UserName: Erik-Black
20:39:58.677 Initialize success
20:40:05.197 AVAST engine defs: 12110700
20:40:10.704 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:10.704 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:40:10.751 Disk 0 MBR read successfully
20:40:10.751 Disk 0 MBR scan
20:40:10.767 Disk 0 unknown MBR code
20:40:10.782 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
20:40:10.798 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 31459328
20:40:10.813 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 38799360
20:40:10.829 Disk 0 Partition - 00 0F Extended LBA 457894 MB offset 39004160
20:40:10.860 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 457893 MB offset 39006208
20:40:10.891 Disk 0 scanning C:\Windows\system32\drivers
20:40:25.087 Service scanning
20:41:43.509 Modules scanning
20:41:43.509 Disk 0 trace - called modules:
20:41:43.556 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:41:43.556 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d74060]
20:41:43.556 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b0f050]
20:41:45.693 AVAST engine scan C:\Windows
20:41:50.981 AVAST engine scan C:\Windows\system32
20:44:33.940 AVAST engine scan C:\Windows\system32\drivers
20:44:48.011 AVAST engine scan C:\Users\Erik-Black
20:50:50.868 File: C:\Users\Erik-Black\AppData\Local\Temp\jar_cache3468978188379476580.tmp **INFECTED** Win32:Gertref-B [Trj]
20:50:50.962 File: C:\Users\Erik-Black\AppData\Local\Temp\jar_cache694059258332601981.tmp **INFECTED** Win32:Gertref-B [Trj]
20:50:51.055 File: C:\Users\Erik-Black\AppData\Local\Temp\jar_cache9013570262654527508.tmp **INFECTED** Win32:Gertref-B [Trj]
20:56:21.682 AVAST engine scan C:\ProgramData
20:57:27.701 Scan finished successfully
21:41:51.970 Disk 0 MBR has been saved successfully to "C:\Users\Erik-Black\Documents\MBR.dat"
21:41:51.970 The log file has been saved successfully to "C:\Users\Erik-Black\Documents\aswMBR2.txt"
|
|
07.11.2012, 22:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Gut, sollte so ok gehen Mach bitte einen CustomScan mit OTL . Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.11.2012, 23:29
| #9 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Es kam das Code:
ATTFilter OTL logfile created on: 07.11.2012 23:08:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erik-Black\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 53,06% Memory free 7,73 Gb Paging File | 5,55 Gb Available in Paging File | 71,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,16 Gb Total Space | 288,88 Gb Free Space | 64,60% Space Free | Partition Type: NTFS Computer Name: ERIK-BLACK-PC | User Name: Erik-Black | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.07 23:06:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erik-Black\Downloads\OTL.exe PRC - [2012.10.27 17:32:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.28 16:10:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.28 15:28:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.28 18:43:54 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2011.01.28 13:08:56 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe PRC - [2010.11.07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.06.28 23:22:46 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.05.27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.02.09 19:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe PRC - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.10.07 08:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.05 09:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe PRC - [2009.09.05 09:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe PRC - [2009.09.05 09:17:50 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe PRC - [2009.09.05 09:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.08.07 13:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.09.10 12:11:16 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe PRC - [2008.09.10 12:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Modules (No Company Name) ========== MOD - [2012.10.27 17:32:42 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2011.01.11 00:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.06.28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.09.10 12:11:12 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe MOD - [2008.09.10 10:56:27 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll MOD - [2008.09.10 10:56:14 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll MOD - [2008.09.10 10:56:12 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll MOD - [2008.09.10 10:53:19 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll MOD - [2008.09.10 10:40:35 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll MOD - [2008.09.10 10:40:31 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.09.06 07:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.05.27 05:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2008.05.23 13:58:53 | 001,040,552 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device) SRV:64bit: - [2008.05.23 13:58:45 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2012.10.27 17:32:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 17:39:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.28 16:10:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.28 15:28:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.26 18:58:06 | 000,783,392 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.05 09:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.05.23 13:58:45 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008.05.23 13:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.21 11:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.21 11:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.12 05:51:47 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) DRV:64bit: - [2010.10.20 11:59:36 | 000,353,360 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djavs.sys -- (a8djavs) DRV:64bit: - [2010.10.20 11:59:36 | 000,094,288 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djusb.sys -- (a8djusb_svc) DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.07.21 16:58:50 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010.07.01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 05:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.04.28 07:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.28 07:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.12.02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.23 03:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.09.21 03:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.03 11:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.29 03:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.07 08:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.19 14:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:64bit: - [2008.04.24 11:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.26 04:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4 IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9} IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18710 IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18710" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchplusnetwork.com/?sp=vit4" FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Erik-Black\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik-Black\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Erik-Black\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.25 18:36:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.25 18:36:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 17:32:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:32:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 17:32:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:32:41 | 000,000,000 | ---D | M] [2010.12.28 18:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Extensions [2012.10.23 15:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions [2011.04.21 18:19:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.28 17:48:26 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com [2011.08.18 17:35:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\ffxtlbr@babylon.com [2012.07.25 15:37:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.30 16:25:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012.09.02 10:29:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire [2012.09.09 22:34:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire [2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2012.11.07 16:39:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.11.07 23:06:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire [2012.11.03 09:15:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012.10.21 16:17:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire [2012.09.05 15:27:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire [2012.11.07 23:06:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire [2012.09.05 15:27:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire [2012.11.07 23:06:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire [2012.11.07 23:06:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire [2012.09.19 18:04:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire [2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.10.30 17:37:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire [2012.10.28 08:41:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire [2012.10.30 17:37:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire [2012.09.19 18:04:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire [2012.11.07 16:27:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire [2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012.11.07 16:27:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire [2012.10.21 16:17:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire [2012.11.07 16:27:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012.11.03 09:15:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012.11.03 09:15:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.07.28 17:48:26 | 000,002,792 | ---- | M] () -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\searchplugins\Plusnetwork.xml [2012.10.31 10:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.31 10:07:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.27 17:32:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.30 13:09:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.29 15:09:09 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.30 15:53:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.30 13:09:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.30 13:09:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.30 13:09:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.30 13:09:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe () O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2491908633-3605410663-139423965-1001..\Run: [Facebook Update] C:\Users\Erik-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Erik-Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36051E6F-BBFE-45BD-97D3-5C043F8D3688}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03D9625-4545-4570-8BD2-EB6A38A25AF6}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.06 16:24:04 | 000,000,000 | ---D | C] -- C:\Users\Erik-Black\AppData\Roaming\Malwarebytes [2012.11.06 16:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.06 16:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.06 16:23:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.06 16:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.31 10:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.10.27 17:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Users\Erik-Black\Documents\*.tmp files -> C:\Users\Erik-Black\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.07 22:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 21:41:51 | 000,000,512 | ---- | M] () -- C:\Users\Erik-Black\Documents\MBR.dat [2012.11.07 20:31:01 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2491908633-3605410663-139423965-1001UA.job [2012.11.07 16:30:08 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2491908633-3605410663-139423965-1001Core.job [2012.11.07 16:16:53 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.07 16:16:53 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.07 16:16:53 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.07 16:16:53 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.07 16:16:53 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.07 16:15:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.06 19:28:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 19:28:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 19:20:07 | 3113,308,160 | -HS- | M] () -- C:\hiberfil.sys [2012.11.06 16:23:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 19:56:40 | 000,001,402 | ---- | M] () -- C:\Users\Erik-Black\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.28 08:38:02 | 390,414,224 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.24 16:55:34 | 000,001,510 | ---- | M] () -- C:\Users\Erik-Black\.recently-used.xbel [2012.10.23 22:04:26 | 000,001,359 | ---- | M] () -- C:\Users\Erik-Black\Documents\Dokument.rtf [1 C:\Users\Erik-Black\Documents\*.tmp files -> C:\Users\Erik-Black\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.07 20:39:40 | 000,000,512 | ---- | C] () -- C:\Users\Erik-Black\Documents\MBR.dat [2012.11.06 16:23:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 19:56:40 | 000,001,402 | ---- | C] () -- C:\Users\Erik-Black\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.24 16:55:34 | 000,001,510 | ---- | C] () -- C:\Users\Erik-Black\.recently-used.xbel [2012.10.23 22:04:26 | 000,001,359 | ---- | C] () -- C:\Users\Erik-Black\Documents\Dokument.rtf [2012.06.03 16:28:05 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll [2012.06.03 16:28:05 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll [2012.06.03 16:28:05 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll [2012.06.03 16:26:51 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll [2012.06.03 16:26:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll [2012.06.03 16:26:51 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll [2012.06.03 16:26:50 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll [2012.06.03 16:26:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll [2012.06.03 16:26:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll [2012.06.03 16:26:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll [2012.06.03 16:26:49 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll [2012.06.03 16:26:48 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll [2012.06.03 16:26:48 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll [2012.06.03 16:26:48 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe [2012.06.03 16:26:48 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll [2012.06.03 16:26:48 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe [2012.06.03 16:26:48 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe [2011.04.21 17:23:12 | 000,671,590 | ---- | C] () -- C:\Users\Erik-Black\Unbenannt.xcf [2010.12.28 23:26:12 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.28 18:03:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.11.12 05:44:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2010.11.12 05:44:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.11.12 05:44:40 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2010.11.12 05:44:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2010.11.12 05:35:14 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2010.11.09 05:01:10 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.09.13 10:22:18 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.07 23:15:24 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion [2012.10.28 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoft [2011.10.16 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.25 10:02:29 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Electronic Arts [2011.08.10 17:01:27 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Friday's games [2012.10.24 16:44:33 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\gtk-2.0 [2011.01.25 18:36:53 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Local [2010.12.29 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\PowerCinema [2011.06.09 22:08:24 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\SoftDMA [2012.09.23 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\SoftGrid Client [2011.11.21 20:57:15 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\TeamViewer [2010.12.28 23:26:58 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\TP ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.12.28 17:48:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.12.28 19:15:55 | 000,000,000 | ---D | M] -- C:\Black [2010.11.12 05:39:47 | 000,000,000 | ---D | M] -- C:\book [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.12.28 17:46:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.13 10:05:54 | 000,000,000 | ---D | M] -- C:\Intel [2012.06.03 16:30:02 | 000,000,000 | ---D | M] -- C:\logs [2010.12.28 23:31:57 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.12.28 17:48:27 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.06.03 16:27:38 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.06 19:18:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.06 16:23:51 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.12.28 17:46:49 | 000,000,000 | -HSD | M] -- C:\Programme [2010.12.28 17:46:49 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.07 23:10:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.28 17:46:57 | 000,000,000 | R--D | M] -- C:\Users [2012.10.28 08:38:02 | 000,000,000 | ---D | M] -- C:\Windows < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.08 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Adobe [2011.03.01 18:57:30 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\ATI [2011.03.08 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Avira [2012.11.07 23:15:24 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion [2010.12.28 23:23:33 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\CyberLink [2011.06.09 22:10:15 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\DivX [2012.10.28 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoft [2011.10.16 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.25 10:02:29 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Electronic Arts [2011.08.10 17:01:27 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Friday's games [2012.10.24 16:44:33 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\gtk-2.0 [2010.12.28 17:48:40 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Identities [2011.01.25 18:36:53 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Local [2010.12.28 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Macromedia [2012.11.06 16:24:04 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Media Center Programs [2011.12.08 17:30:23 | 000,000,000 | --SD | M] -- C:\Users\Erik-Black\AppData\Roaming\Microsoft [2010.12.28 18:03:44 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\Mozilla [2010.12.29 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\PowerCinema [2011.06.09 22:08:24 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\SoftDMA [2012.09.23 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\SoftGrid Client [2011.11.21 20:57:15 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\TeamViewer [2010.12.28 23:26:58 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\TP [2010.12.28 19:16:11 | 000,000,000 | ---D | M] -- C:\Users\Erik-Black\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe [2011.10.25 10:02:31 | 000,042,756 | ---- | M] (Electronic Arts) -- C:\Users\Erik-Black\AppData\Roaming\Electronic Arts\Game Face\uninstall.exe [2011.12.08 18:25:59 | 008,111,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Erik-Black\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011.04.25 09:11:38 | 000,010,134 | R--- | M] () -- C:\Users\Erik-Black\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. /mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [2012.08.24 17:56:31 | 011,020,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.11.2012 23:08:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erik-Black\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 53,06% Memory free
7,73 Gb Paging File | 5,55 Gb Available in Paging File | 71,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,16 Gb Total Space | 288,88 Gb Free Space | 64,60% Space Free | Partition Type: NTFS
Computer Name: ERIK-BLACK-PC | User Name: Erik-Black | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2491908633-3605410663-139423965-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0189E9F3-DF6C-44C7-BBC0-42F20BB37A72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0EEF4E3E-5C3F-4C1F-AC56-BFBF600C11EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1041D01B-2F0D-4681-A4F3-D68BFA1A9E79}" = lport=139 | protocol=6 | dir=in | app=system |
"{1563A3D4-790D-4888-B391-2C47AFA8A2D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21612CFE-FD0E-489C-A2D8-3D68CF8E37F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{22CA3CA9-B88C-44EF-AC72-EB41ACB4D58E}" = rport=139 | protocol=6 | dir=out | app=system |
"{25C1D821-91C5-4509-B7AD-684D92E23A76}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{265389BF-94C1-4189-BC07-8D330B67CFB2}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BA0E926-D7D5-4401-9B1B-128E11AADA3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F1059D6-9CBA-4A7B-A7CD-9FD47711B397}" = lport=137 | protocol=17 | dir=in | app=system |
"{446F3AC9-4967-4E86-ADAF-D5252C1AE215}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54F76B16-50F0-4D25-9F3C-A08574EDC2BC}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F0882BB-F6DF-4AA0-8C1E-5CA573A657FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5FC5B363-FF47-4207-A4BB-C0BDC9FDB6B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C45F045-AFC0-4E86-8BF4-6E44E28F14DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{907B81E0-7B91-477F-BFC2-2F178EA71BAF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9546C4D4-2C46-4812-80EF-69F1C080B07F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A4EAC90-EA97-4DB1-913F-112308C6FCBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9E1EB902-832D-4C97-8357-903075662AA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAC3AFDB-5D1C-4724-90E3-081EB32ADBCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF342C5C-B588-47B1-B9C4-7F232F92A9A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{B55D4A80-8455-4502-9B28-4F84B57907D9}" = lport=445 | protocol=6 | dir=in | app=system |
"{B5CA635D-0C4E-439F-8705-5FB4A90DF585}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B7360A39-BD3E-4A95-A95F-7CD776418DB2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B9ABE1FF-44E7-43F0-89E1-D40A0B479C78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8DABC2E-BEB3-4422-97E1-77123ED89E69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D70600BC-B369-4B3C-83D8-10C34E52AB52}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E5443FBA-2D17-4CF1-A5FF-21940A33EF2F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F5D54FFF-9D48-4B40-9AFB-A15CD3C1EA52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7A57282-B29D-44DF-B271-9C3E9DCCE517}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDA49383-D032-48E1-A01A-F2A7C93AD11A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038D33C8-21B1-47AA-BD8C-A6AE965B509A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{05FCEFC7-C56C-4B2C-9400-212E29649AFA}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{0E8FAF7C-A8E8-4373-8FCE-F1DB7D4B10AE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{103CCE92-5DDA-43B6-B461-783B7C458C85}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{14157688-3605-4C32-A03F-14FAB47F6FE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17EF406B-886A-4151-A6C8-9DD1689D3FFC}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{207C6234-01CB-4B3B-8E44-43212EFF7B8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E5B1A88-2A8E-4F58-8289-05BB935334AA}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{3BA74C43-0C9C-4EED-A945-68F13849689A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{412353CE-1AB3-4071-AB28-6E7ABBF28DE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41C4B671-FEE4-4B4E-BFCA-6DBCA53DEC20}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{44B49F6C-444E-497F-8526-09C9A67DF999}" = dir=in | app=c:\users\erik-black\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{50C961CE-A598-4ED1-9652-5C251B87DC32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{525C611D-620D-4759-A365-70DA350B04D0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{58D3E408-81E3-44E2-99A9-105F0FD26708}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DF8E48F-8540-4EF0-A316-D980965BE36D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BD89921-9648-4410-8032-98D33F25CF4D}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{6D06BD52-CCC5-46D9-99B9-38B7D2460BB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70CCC7CA-BC71-41B6-A385-6E4869972D48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{820CA737-B029-4564-82E2-71FDDD8A75A3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
"{829E705B-839B-442A-A729-30572643B5E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85CD9ACF-D4E7-4511-A9B7-9F6983B2B59D}" = protocol=6 | dir=out | app=system |
"{937DF63D-5C26-4D56-ADAD-4EA95BC15659}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94A67968-82B8-4E69-A5BA-23B2E22F3306}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9902DCE2-6092-431D-B23A-8754F60E15EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9936319C-AD0A-4C43-A08F-46F7E8763AF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1F5352B-7399-47A8-A229-DB969CB0C601}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{A519B44C-D9EF-4335-9907-B08A9485C06B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{A809C247-2055-48A4-B59D-0C283A46D76A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AB51950B-2E83-4051-AB1D-1DEE45D92F1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABAD2839-25C8-49E0-AABA-AD1CF242114B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B49781BF-283E-4D4A-97BA-0B66E802C92C}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C0846857-3A0E-485E-897C-901FD96E371D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1B5C0F9-EB47-406C-9F07-92E3B79D736C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5F0C132-1848-4E89-A9DE-7FA2B3921C07}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{DDD692D0-D4F2-4FE7-8E36-00FB1EF04EDC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EA07E5B7-1980-4414-87FC-091D7B203AC5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC315B41-2808-414F-B99D-A84E395E65F9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EEAE32DE-253D-47D5-8C55-1FB13A613D5B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FA9311E9-B283-4E08-ABA3-DD72F954D970}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"TCP Query User{8382C992-9D09-4145-B2E2-05FE6021AD10}C:\users\erik-black\downloads\torrenteasy-sims-3-patch-to-1-3-24-and-crack.exe" = protocol=6 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-sims-3-patch-to-1-3-24-and-crack.exe |
"TCP Query User{8D19CBEE-F2D2-4462-BEA8-FA37ABC8DAF2}C:\users\erik-black\downloads\torrenteasy-sims-3-version-1-18-9-no-cd-crack.exe" = protocol=6 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-sims-3-version-1-18-9-no-cd-crack.exe |
"TCP Query User{99C92A8A-5D59-4B61-9FB3-4D50066A4608}C:\program files (x86)\ea sports\fussball manager 11\manager11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 11\manager11.exe |
"TCP Query User{C542D55E-9032-4B86-9DBE-8FB9437141B8}C:\users\erik-black\downloads\torrenteasy-b7a118834a58b3b7a9e1dd2f1b3d6baf33b7d76a.exe" = protocol=6 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-b7a118834a58b3b7a9e1dd2f1b3d6baf33b7d76a.exe |
"TCP Query User{F2B90A01-0229-41C2-9987-E4CE77946F9D}C:\users\erik-black\downloads\torrenteasy-absolute-80-s-2-disc-edition.exe" = protocol=6 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-absolute-80-s-2-disc-edition.exe |
"TCP Query User{F76CD0B1-F0D4-4708-9F7F-25A293372FFE}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
"UDP Query User{087DB0B2-FBCB-43F7-9CF6-BFFFA51249E1}C:\program files (x86)\ultramixer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ultramixer\jre\bin\javaw.exe |
"UDP Query User{3C30FA93-F6AA-41F6-9462-9207DA6722B3}C:\program files (x86)\ea sports\fussball manager 11\manager11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 11\manager11.exe |
"UDP Query User{42B5D2FC-7DFA-43AD-9BB3-4D689338F8BD}C:\users\erik-black\downloads\torrenteasy-sims-3-patch-to-1-3-24-and-crack.exe" = protocol=17 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-sims-3-patch-to-1-3-24-and-crack.exe |
"UDP Query User{602A79A2-91E9-4B1A-BD79-8704B0CFC73E}C:\users\erik-black\downloads\torrenteasy-sims-3-version-1-18-9-no-cd-crack.exe" = protocol=17 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-sims-3-version-1-18-9-no-cd-crack.exe |
"UDP Query User{F307A2B1-0C29-485B-83FF-19CAF8B69FDD}C:\users\erik-black\downloads\torrenteasy-absolute-80-s-2-disc-edition.exe" = protocol=17 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-absolute-80-s-2-disc-edition.exe |
"UDP Query User{FFAD2E5D-F824-4E6B-9464-8CE402A300C7}C:\users\erik-black\downloads\torrenteasy-b7a118834a58b3b7a9e1dd2f1b3d6baf33b7d76a.exe" = protocol=17 | dir=in | app=c:\users\erik-black\downloads\torrenteasy-b7a118834a58b3b7a9e1dd2f1b3d6baf33b7d76a.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10647DB1-F3AE-3440-5BDA-06EFE4A44108}" = ATI Catalyst Install Manager
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{BC28E83D-3052-1A97-B625-6D0FF0B40CE2}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032412BA-DE82-47C2-B414-A1C96822189B}" = Acer Arcade Instant On
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E0A78EF-F492-45F9-4855-5309758CF2EA}" = CCC Help Thai
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1C1E0945-99D3-963D-BBBA-23D9F0857A46}" = CCC Help Norwegian
"{1F1B14EC-B2C6-4BB7-227B-820392171079}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{26B4BA03-EF4A-8E18-7EF5-9A68E6D95AF7}" = Catalyst Control Center Graphics Previews Vista
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{27D73229-BBB9-BCB6-1CA5-73A54DB15EDC}" = CCC Help Russian
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BE0D6E7-C8FE-95BC-FCF3-4C6CB6220AD3}" = Catalyst Control Center InstallProxy
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{302C20CE-FED3-ECF7-C723-C8EA4B90017A}" = CCC Help Hungarian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.3
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E00FF47-16D3-6364-F2A3-8143FEAE5228}" = CCC Help Finnish
"{3FC3A95C-37D8-C194-46F5-FAE5176B0CA1}" = CCC Help Portuguese
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{44CBE3ED-EEC2-C060-C967-D6213D123678}" = CCC Help Japanese
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{50664AE0-2AEB-1677-E163-07C61AC88FFB}" = CCC Help Czech
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A333861-BA82-C7A5-1457-E634FDF1BA74}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78C93293-4164-8659-C34B-FEDA4066C300}" = CCC Help Turkish
"{7C64C223-182D-ED62-6A63-3F117EC357B5}" = CCC Help Dutch
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{816BAAEA-9FC8-2905-90A6-F1CEDBF77B9B}" = CCC Help Greek
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{88A17EF9-F0B3-B83E-0A5A-3D9A0A7B1E45}" = CCC Help Italian
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91793303-D169-CF1B-6373-848FE660BC8A}" = CCC Help Swedish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B8C90283-AF97-2AD8-7DE1-5296254468F4}" = PX Profile Update
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC55928A-052C-71CA-9531-714CD2315006}" = CCC Help English
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D94A618C-0FC5-83C7-14C1-4B1FB5524F27}" = Catalyst Control Center Localization All
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2496226-362E-EB76-5A7A-87F4B4A03930}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E64058F7-B3FF-023B-B383-CFEABDCE86DC}" = CCC Help French
"{E85DDE64-B7D9-14D6-7420-28992B9C440D}" = CCC Help German
"{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}" = Die Siedler 2 - Die nächste Generation
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16769E9-7F7A-82E7-89D6-A57F3D396460}" = CCC Help Chinese Standard
"{FD0EF866-AC56-CD7E-D4E5-7FC5FC4C6BE9}" = CCC Help Spanish
"{FF36FF27-5C09-4FEE-2D0C-FE63BD3148D7}" = CCC Help Korean
"{FF54CA15-17CE-3F01-EB41-6D335B1DC97B}" = CCC Help Polish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EA Installer.-1797597899" = EA Installer
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.2.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.19.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Geheimnis von Montezuma 3" = Geheimnis von Montezuma 3
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2491908633-3605410663-139423965-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.08.2012 18:30:44 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 30.08.2012 18:32:25 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 01.09.2012 10:23:44 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 01.09.2012 10:25:37 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 04.09.2012 12:16:34 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 04.09.2012 12:18:24 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 07.09.2012 01:13:19 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 07.09.2012 01:15:13 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 08.09.2012 23:19:45 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 08.09.2012 23:21:43 | Computer Name = Erik-Black-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ System Events ]
Error - 03.11.2012 20:40:44 | Computer Name = Erik-Black-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?11.?2012 um 14:05:20 unerwartet heruntergefahren.
Error - 03.11.2012 20:40:46 | Computer Name = Erik-Black-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 03.11.2012 20:40:46 | Computer Name = Erik-Black-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 03.11.2012 20:42:42 | Computer Name = Erik-Black-PC | Source = DCOM | ID = 10016
Description =
Error - 04.11.2012 06:59:53 | Computer Name = Erik-Black-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?11.?2012 um 02:08:23 unerwartet heruntergefahren.
Error - 04.11.2012 06:59:58 | Computer Name = Erik-Black-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 04.11.2012 06:59:58 | Computer Name = Erik-Black-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.11.2012 14:20:27 | Computer Name = Erik-Black-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.
Error - 06.11.2012 14:20:27 | Computer Name = Erik-Black-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.11.2012 14:22:25 | Computer Name = Erik-Black-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
07.11.2012, 23:32
| #10 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} hoffe ist ok |
|
08.11.2012, 11:24
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe
IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18710
IE - HKU\S-1-5-21-2491908633-3605410663-139423965-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18710"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.searchplusnetwork.com/?sp=vit4"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "http://www.searchplusnetwork.com/?sp=vit4&q="
[2012.07.28 17:48:26 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com
[2011.08.18 17:35:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\ffxtlbr@babylon.com
[2012.07.25 15:37:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 16:25:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.09.02 10:29:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire
[2012.09.09 22:34:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire
[2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.11.07 16:39:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.11.07 23:06:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.11.03 09:15:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.10.21 16:17:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire
[2012.09.05 15:27:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012.11.07 23:06:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.09.05 15:27:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire
[2012.11.07 23:06:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.07 23:06:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.09.19 18:04:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire
[2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.10.30 17:37:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire
[2012.10.28 08:41:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire
[2012.10.30 17:37:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012.09.19 18:04:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012.11.07 16:27:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.11.07 16:27:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.07 16:27:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.10.21 16:17:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.11.07 16:27:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.11.03 09:15:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.11.03 09:15:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.07.28 17:48:26 | 000,002,792 | ---- | M] () -- C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\searchplugins\Plusnetwork.xml
[2011.04.29 15:09:09 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - Startup: C:\Users\Erik-Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
:Files
C:\ProgramData\FullRemove.exe
C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com
C:\Users\Erik-Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion
C:\Program Files (x86)\BabylonToolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.11.2012, 16:47
| #12 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} beim erstenmal ist er von alleine runter gefahren habe aus sicherhet es nochmal gemacht und dann kam der OK button zum Neustart und das war der log Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-2491908633-3605410663-139423965-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2491908633-3605410663-139423965-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2491908633-3605410663-139423965-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2491908633-3605410663-139423965-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18710" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://www.searchplusnetwork.com/?sp=vit4" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledAddons
Prefs.js: bbrs_002@blabbers.com:1.0.5 removed from extensions.enabledAddons
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://www.searchplusnetwork.com/?sp=vit4&q=" removed from keyword.URL
Folder C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\ not found.
Folder C:\Users\Erik-Black\AppData\Roaming\mozilla\Firefox\Profiles\shhjkdie.default\extensions\ffxtlbr@babylon.com\ not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire not found.
File C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\searchplugins\Plusnetwork.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe not found.
File move failed. C:\Users\Erik-Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk scheduled to be moved on reboot.
File C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion\tbhcn.exe not found.
Unable to delete ADS C:\ProgramData\Temp:93EB7685 .
Unable to delete ADS C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS C:\ProgramData\Temp:0B9176C0 .
Unable to delete ADS C:\ProgramData\Temp:E3C56885 .
Unable to delete ADS C:\ProgramData\Temp:4D066AD2 .
Unable to delete ADS C:\ProgramData\Temp:798A3728 .
========== FILES ==========
File\Folder C:\ProgramData\FullRemove.exe not found.
File\Folder C:\Users\Erik-Black\AppData\Roaming\mozilla\firefox\profiles\shhjkdie.default\extensions\bbrs_002@blabbers.com not found.
File\Folder C:\Users\Erik-Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found.
File\Folder C:\Users\Erik-Black\AppData\Roaming\BrowserCompanion not found.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Erik-Black\Downloads\cmd.bat deleted successfully.
C:\Users\Erik-Black\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Erik-Black
->Temp folder emptied: 1014 bytes
->Temporary Internet Files folder emptied: 64901 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11961178 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 11082012_163915
Files\Folders moved on Reboot...
File\Folder C:\Users\Erik-Black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found!
C:\Users\Erik-Black\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
08.11.2012, 17:09
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.11.2012, 17:11
| #14 |
| | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Gemacht Code:
ATTFilter # AdwCleaner v2.007 - Datei am 08/11/2012 um 17:10:52 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Erik-Black - ERIK-BLACK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Erik-Black\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files (x86)\Babylon
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Users\Erik-Black\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Erik-Black\AppData\LocalLow\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Erik-Black\AppData\Roaming\Mozilla\Firefox\Profiles\shhjkdie.default\prefs.js
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Gefunden : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gefunden : user_pref("extensions.BabylonToolbar.firstRun", false);
Gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "16A9D47F4D5C0E0212A0B6EB393623C3");
Gefunden : user_pref("extensions.BabylonToolbar.lastActv", "16");
Gefunden : user_pref("extensions.BabylonToolbar.lastDP", 6);
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gefunden : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "16.0");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Gefunden : user_pref("extensions.BabylonToolbar.propectorlck", 90786413);
Gefunden : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
*************************
AdwCleaner[R1].txt - [8776 octets] - [08/11/2012 17:10:52]
########## EOF - C:\AdwCleaner[R1].txt - [8836 octets] ##########
|
|
08.11.2012, 18:59
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} Versuch bitte alle im adwCleaner-Log erwähnten Einträge (wie zB Babylon) über die Systemsteuerung zu deinstallieren, danach ein neues Suchlog mit dem adwCleaner machen. Reste und was sich nicht deinstallieren lassen will machen wir mit dem adwCleaner weg.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu http://ad.adserverplus.com/st?ad_type=iframe&ad_size=800x440§ion=2971503&pub_url=${PUB_URL} |
| administrator, anti-malware, appdata, autostart, browser, cache, dateien, explorer, fix, gelöscht, gen, helper, install, install.exe, jquery, microsoft, quarantäne, seite, seiten, software, speicher, temp, uninstall.exe, version, öffnen, öffnet |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
