
Pests of all kinds and how to combat them: Peeping Tom on the laptop

15.05.2013, 11:22   #1
unkreativ

Hello,
First off, I wasn't sure which subforum this belongs in; also, if you can think of a better title, feel free to change it.
Last night I had problems starting the game League of Legends, even though others were in the game. The server no longer worked, and neither did the website.
So I tried a few things here and there, and suddenly I heard someone breathing through their headset over my speakers.
Although I wasn't in Skype, I still recognized this breathing from one or another Skype conversation, but I don't remember who it was.
In any case, the little peeping Tom apparently has access to my laptop and yesterday (whether by accident or on purpose) played his headset input through my PC; he breathed three times, and I could clearly recognize it.
There is probably a trojan on it. I know your forum's general procedure; maybe you could help me out here.
Best regards

Okay, the archived log files are attached.

15.05.2013, 19:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

15.05.2013, 20:27   #3
unkreativ

No, unfortunately I don't have any other logs. My Avira didn't find anything either; should I download Malwarebytes, ESET or similar and have them take a look?
PS: Sorry for the ZIP file.

15.05.2013, 20:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read through the instructions that I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when instructed to do so by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post the C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

15.05.2013, 23:39   #5
unkreativ

OK, here is the ComboFix log. You've really taken on quite a lot there; thank you very much for going to the trouble, with that kind of performance the police can't keep up anymore.
Code:
ComboFix 13-05-15.01 - NoPC 16.05.2013   0:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.3043 [GMT 2:00]
ausgeführt von:: c:\users\NoPC\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\7B607050E3.sys
c:\users\NoPC\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\NoPC\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-15 bis 2013-05-15  ))))))))))))))))))))))))))))))
.
.
2013-05-15 22:17 . 2013-05-15 22:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-10 14:46 . 2013-05-10 14:45	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-09 20:40 . 2013-05-09 20:40	--------	d-----w-	c:\users\NoPC\AppData\Roaming\Avira
2013-05-09 20:39 . 2013-03-06 14:13	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-05-09 20:39 . 2013-02-26 14:56	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-05-09 20:39 . 2013-02-26 14:56	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-05-09 20:39 . 2013-05-09 20:39	--------	d-----w-	c:\program files (x86)\Avira
2013-05-09 20:27 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DA2ADFA-12A6-48DD-95D9-2BCC16A2AAE7}\mpengine.dll
2013-04-26 14:18 . 2013-05-14 23:22	--------	d-----w-	c:\users\NoPC\AppData\Roaming\Skype
2013-04-26 14:18 . 2013-05-14 23:22	--------	d-----w-	c:\programdata\Skype
2013-04-24 09:16 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-20 13:51 . 2013-04-20 13:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-20 13:51 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-19 15:51 . 2013-04-28 12:43	--------	d-----w-	c:\users\NoPC\AppData\Local\Microsoft Games
2013-04-17 12:56 . 2013-04-17 12:56	--------	d-----w-	c:\users\NoPC\AppData\Roaming\SynthMaker
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 10:24 . 2012-05-11 18:55	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 10:24 . 2012-05-11 18:55	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-05-11 14:44	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-19 14:53 . 2012-05-11 17:20	1890	--sha-w-	c:\programdata\KGyGaAvL.sys
2013-04-10 21:23 . 2012-05-11 17:23	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-27 16:27 . 2013-01-23 15:38	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 16:27 . 2013-01-23 15:38	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-27 15:33 . 2013-03-27 15:33	98816	----a-w-	c:\windows\system32\drivers\ew_jucdcacm.sys
2013-03-27 15:33 . 2013-03-27 15:33	86016	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2013-03-27 15:33 . 2013-03-27 15:33	69632	----a-w-	c:\windows\system32\drivers\ew_jucdcecm.sys
2013-03-27 15:33 . 2013-03-27 15:33	421376	----a-w-	c:\windows\system32\drivers\ewusbwwan.sys
2013-03-27 15:33 . 2013-03-27 15:33	32768	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2013-03-27 15:33 . 2013-03-27 15:33	28672	----a-w-	c:\windows\system32\drivers\ew_juextctrl.sys
2013-03-27 15:33 . 2013-03-27 15:33	221312	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2013-03-27 15:33 . 2013-03-27 15:33	22016	----a-w-	c:\windows\system32\drivers\ew_hwupgrade.sys
2013-03-27 15:33 . 2013-03-27 15:33	212992	----a-w-	c:\windows\system32\drivers\ew_juwwanecm.sys
2013-03-27 15:33 . 2013-03-27 15:33	1490656	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-03-27 15:33 . 2013-03-27 15:33	13952	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-03-27 15:33 . 2013-03-27 15:33	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2013-03-27 15:33 . 2013-03-27 15:33	1001472	----a-w-	c:\windows\system32\drivers\mod7700.sys
2013-03-27 15:33 . 2012-05-11 21:42	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2013-03-19 06:04 . 2013-04-10 14:54	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:53	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:53	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:53	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:53	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:53	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 15:01	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-10 21:22	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 21:21	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 21:22	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 21:22	1346560	----a-w-	c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 21:22	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 21:22	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 21:22	237056	----a-w-	c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 21:22	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 21:22	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 21:22	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 21:22	816640	----a-w-	c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 21:22	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 21:22	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 21:22	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 21:22	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 21:22	248320	----a-w-	c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 21:22	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 21:22	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 21:22	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 21:22	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 21:22	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 21:22	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 15:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 15:08	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 15:08	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 15:08	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 15:08	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 15:08	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-05 19:47	1520840	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-05 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\NoPC\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-22 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-05 1573576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2013-03-27 239968]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2013-01-23 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-03-27 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2013-03-27 421376]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-04-20 37480]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2010-04-16 1816968]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 28600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-27 86016]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-04-20 37480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 10:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{15C6007F-2EF5-48E8-B90E-DC2A022B68A2}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{1A5A97B9-B5E0-47E1-A3BD-05EB7D097894}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{C920DCA4-A539-423A-B398-6E33C5D5C0AF}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{D178080C-AFF7-41EA-B3AB-1DB549356106}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\NoPC\AppData\Roaming\Mozilla\Firefox\Profiles\g2t79mkl.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-03 22:30; toolbar@ask.com; c:\users\NoPC\AppData\Roaming\Mozilla\Firefox\Profiles\g2t79mkl.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-04-30 21:51; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\NoPC\AppData\Roaming\Mozilla\Firefox\Profiles\g2t79mkl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
AddRemove-{0E086923-AAA3-4F98-A6E2-48B64CE27553} - c:\programdata\{F21A5765-AACF-4530-991E-CE1346273F96}\Reaktor Factory Selection Setup PC.exe
AddRemove-{6438691E-D44E-4A18-B6C4-D1EB26281D6A} - c:\programdata\{57B10C8A-9A38-45B2-B696-92DA7712A65C}\Mikro Prism Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}\Traktor 2 Setup PC.exe
AddRemove-{E9EA5F38-6299-45A1-9D23-F21729A19357} - c:\programdata\{9E29F016-D990-499F-A0B5-6A0E0FA86B6E}\Reaktor 5 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-16  00:34:51
ComboFix-quarantined-files.txt  2013-05-15 22:34
.
Vor Suchlauf: 13 Verzeichnis(se), 317.389.447.168 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 317.432.614.912 Bytes frei
.
- - End Of File - - 9B0C360344CBAA8B8DE8E80B68054A37
         


16.05.2013, 12:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

16.05.2013, 20:45   #7
unkreativ

mbar log file (no detections)
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NoPC :: NOPC-PC [administrator]

16.05.2013 21:15:09
mbar-log-2013-05-16 (21-15-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29294
Time elapsed: 11 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswmbr log file
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-16 21:20:00
-----------------------------
21:20:00.929    OS Version: Windows x64 6.1.7601 Service Pack 1
21:20:00.929    Number of processors: 2 586 0x170A
21:20:00.929    ComputerName: NOPC-PC  UserName: NoPC
21:20:02.036    Initialize success
21:20:39.493    AVAST engine defs: 13051600
21:20:45.077    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:20:45.077    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:20:45.202    Disk 0 MBR read successfully
21:20:45.218    Disk 0 MBR scan
21:20:45.233    Disk 0 Windows VISTA default MBR code
21:20:45.249    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
21:20:45.265    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24578048
21:20:45.280    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464838 MB offset 24782848
21:20:45.358    Disk 0 scanning C:\Windows\system32\drivers
21:21:01.177    Service scanning
21:21:28.243    Modules scanning
21:21:28.243    Disk 0 trace - called modules:
21:21:28.289    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:21:28.289    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004962350]
21:21:28.289    3 CLASSPNP.SYS[fffff880015ce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470f050]
21:21:30.115    AVAST engine scan C:\Windows
21:21:35.263    AVAST engine scan C:\Windows\system32
21:26:00.494    AVAST engine scan C:\Windows\system32\drivers
21:26:18.434    AVAST engine scan C:\Users\NoPC
21:31:10.311    AVAST engine scan C:\ProgramData
21:32:12.992    Scan finished successfully
21:32:48.279    Disk 0 MBR has been saved successfully to "C:\Users\NoPC\Desktop\MBR.dat"
21:32:48.295    The log file has been saved successfully to "C:\Users\NoPC\Desktop\aswMBR.txt"
         
TDSS log file (it was not in a folder, though, but can be found in the product's interface under "Report")
Code:
21:38:26.0098 1552  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:38:26.0114 1552  ============================================================
21:38:26.0114 1552  Current date / time: 2013/05/16 21:38:26.0114
21:38:26.0114 1552  SystemInfo:
21:38:26.0114 1552  
21:38:26.0114 1552  OS Version: 6.1.7601 ServicePack: 1.0
21:38:26.0114 1552  Product type: Workstation
21:38:26.0114 1552  ComputerName: NOPC-PC
21:38:26.0114 1552  UserName: NoPC
21:38:26.0114 1552  Windows directory: C:\Windows
21:38:26.0114 1552  System windows directory: C:\Windows
21:38:26.0114 1552  Running under WOW64
21:38:26.0114 1552  Processor architecture: Intel x64
21:38:26.0114 1552  Number of processors: 2
21:38:26.0114 1552  Page size: 0x1000
21:38:26.0114 1552  Boot type: Normal boot
21:38:26.0114 1552  ============================================================
21:38:26.0535 1552  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:26.0551 1552  ============================================================
21:38:26.0551 1552  \Device\Harddisk0\DR0:
21:38:26.0551 1552  MBR partitions:
21:38:26.0551 1552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
21:38:26.0551 1552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
21:38:26.0551 1552  ============================================================
21:38:26.0582 1552  C: <-> \Device\Harddisk0\DR0\Partition2
21:38:26.0582 1552  ============================================================
21:38:26.0582 1552  Initialize success
21:38:26.0582 1552  ============================================================
21:38:37.0128 4936  ============================================================
21:38:37.0128 4936  Scan started
21:38:37.0128 4936  Mode: Manual; SigCheck; TDLFS; 
21:38:37.0128 4936  ============================================================
21:38:37.0408 4936  ================ Scan system memory ========================
21:38:37.0408 4936  System memory - ok
21:38:37.0408 4936  ================ Scan services =============================
21:38:37.0549 4936  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:38:37.0611 4936  1394ohci - ok
21:38:37.0689 4936  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:38:37.0705 4936  ACPI - ok
21:38:37.0736 4936  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:38:37.0767 4936  AcpiPmi - ok
21:38:37.0939 4936  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:38:37.0970 4936  AdobeFlashPlayerUpdateSvc - ok
21:38:38.0001 4936  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:38:38.0017 4936  adp94xx - ok
21:38:38.0032 4936  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:38:38.0064 4936  adpahci - ok
21:38:38.0064 4936  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:38:38.0079 4936  adpu320 - ok
21:38:38.0110 4936  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:38:38.0157 4936  AeLookupSvc - ok
21:38:38.0188 4936  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:38:38.0220 4936  AFD - ok
21:38:38.0282 4936  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
21:38:38.0329 4936  AgereSoftModem - ok
21:38:38.0391 4936  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:38:38.0407 4936  agp440 - ok
21:38:38.0656 4936  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
21:38:38.0656 4936  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
21:38:38.0656 4936  Akamai ( HiddenFile.Multi.Generic ) - warning
21:38:38.0656 4936  Akamai - detected HiddenFile.Multi.Generic (1)
21:38:38.0703 4936  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:38:38.0719 4936  ALG - ok
21:38:38.0766 4936  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:38:38.0797 4936  aliide - ok
21:38:38.0828 4936  [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:38:38.0844 4936  AMD External Events Utility - ok
21:38:38.0859 4936  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:38:38.0875 4936  amdide - ok
21:38:38.0890 4936  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:38:38.0906 4936  AmdK8 - ok
21:38:38.0922 4936  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:38:38.0937 4936  AmdPPM - ok
21:38:38.0984 4936  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:38:39.0000 4936  amdsata - ok
21:38:39.0015 4936  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:38:39.0031 4936  amdsbs - ok
21:38:39.0046 4936  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:38:39.0062 4936  amdxata - ok
21:38:39.0093 4936  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
21:38:39.0171 4936  androidusb - ok
21:38:39.0280 4936  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:38:39.0296 4936  AntiVirSchedulerService - ok
21:38:39.0343 4936  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:38:39.0358 4936  AntiVirService - ok
21:38:39.0405 4936  [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
21:38:39.0468 4936  ApfiltrService - ok
21:38:39.0514 4936  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:38:39.0546 4936  AppID - ok
21:38:39.0577 4936  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:38:39.0624 4936  AppIDSvc - ok
21:38:39.0655 4936  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
21:38:39.0670 4936  Appinfo - ok
21:38:39.0733 4936  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:38:39.0764 4936  arc - ok
21:38:39.0764 4936  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:38:39.0780 4936  arcsas - ok
21:38:39.0795 4936  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:39.0842 4936  AsyncMac - ok
21:38:39.0873 4936  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:38:39.0904 4936  atapi - ok
21:38:39.0967 4936  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:38:39.0998 4936  athr - ok
21:38:40.0185 4936  [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:38:40.0279 4936  atikmdag - ok
21:38:40.0388 4936  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:38:40.0450 4936  AudioEndpointBuilder - ok
21:38:40.0482 4936  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:38:40.0528 4936  AudioSrv - ok
21:38:40.0591 4936  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:38:40.0653 4936  avgntflt - ok
21:38:40.0716 4936  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:38:40.0778 4936  avipbb - ok
21:38:40.0794 4936  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:38:40.0825 4936  avkmgr - ok
21:38:40.0872 4936  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:38:40.0918 4936  AxInstSV - ok
21:38:40.0965 4936  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:38:40.0981 4936  b06bdrv - ok
21:38:41.0012 4936  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:38:41.0028 4936  b57nd60a - ok
21:38:41.0059 4936  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
21:38:41.0090 4936  BCM43XX - ok
21:38:41.0121 4936  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:38:41.0137 4936  BDESVC - ok
21:38:41.0168 4936  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:38:41.0199 4936  Beep - ok
21:38:41.0262 4936  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:38:41.0308 4936  BFE - ok
21:38:41.0371 4936  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
21:38:41.0418 4936  BITS - ok
21:38:41.0464 4936  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:38:41.0480 4936  blbdrive - ok
21:38:41.0496 4936  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:38:41.0511 4936  bowser - ok
21:38:41.0542 4936  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:38:41.0558 4936  BrFiltLo - ok
21:38:41.0574 4936  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:38:41.0589 4936  BrFiltUp - ok
21:38:41.0620 4936  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21:38:41.0667 4936  BridgeMP - ok
21:38:41.0698 4936  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:38:41.0714 4936  Browser - ok
21:38:41.0730 4936  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:38:41.0745 4936  Brserid - ok
21:38:41.0745 4936  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:41.0776 4936  BrSerWdm - ok
21:38:41.0792 4936  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:41.0808 4936  BrUsbMdm - ok
21:38:41.0808 4936  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:41.0823 4936  BrUsbSer - ok
21:38:41.0839 4936  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:38:41.0854 4936  BTHMODEM - ok
21:38:41.0886 4936  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:38:41.0932 4936  bthserv - ok
21:38:41.0948 4936  catchme - ok
21:38:41.0979 4936  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:38:42.0010 4936  cdfs - ok
21:38:42.0057 4936  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:38:42.0073 4936  cdrom - ok
21:38:42.0120 4936  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:38:42.0166 4936  CertPropSvc - ok
21:38:42.0182 4936  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:38:42.0198 4936  circlass - ok
21:38:42.0229 4936  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:38:42.0260 4936  CLFS - ok
21:38:42.0322 4936  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:42.0338 4936  clr_optimization_v2.0.50727_32 - ok
21:38:42.0400 4936  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:38:42.0432 4936  clr_optimization_v2.0.50727_64 - ok
21:38:42.0494 4936  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:38:42.0525 4936  clr_optimization_v4.0.30319_32 - ok
21:38:42.0541 4936  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:38:42.0556 4936  clr_optimization_v4.0.30319_64 - ok
21:38:42.0603 4936  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:38:42.0619 4936  CmBatt - ok
21:38:42.0634 4936  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:38:42.0650 4936  cmdide - ok
21:38:42.0697 4936  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:38:42.0728 4936  CNG - ok
21:38:42.0759 4936  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:38:42.0775 4936  Compbatt - ok
21:38:42.0822 4936  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:38:42.0853 4936  CompositeBus - ok
21:38:42.0853 4936  COMSysApp - ok
21:38:42.0868 4936  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:38:42.0884 4936  crcdisk - ok
21:38:42.0931 4936  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:38:42.0946 4936  CryptSvc - ok
21:38:42.0993 4936  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:38:43.0040 4936  DcomLaunch - ok
21:38:43.0071 4936  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:38:43.0102 4936  defragsvc - ok
21:38:43.0196 4936  [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
21:38:43.0212 4936  Desura Install Service - ok
21:38:43.0258 4936  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:38:43.0305 4936  DfsC - ok
21:38:43.0336 4936  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:38:43.0368 4936  Dhcp - ok
21:38:43.0399 4936  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:38:43.0446 4936  discache - ok
21:38:43.0477 4936  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:38:43.0492 4936  Disk - ok
21:38:43.0570 4936  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
21:38:43.0633 4936  DKbFltr - ok
21:38:43.0680 4936  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:38:43.0695 4936  Dnscache - ok
21:38:43.0742 4936  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:38:43.0789 4936  dot3svc - ok
21:38:43.0820 4936  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:38:43.0867 4936  DPS - ok
21:38:43.0898 4936  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:38:43.0914 4936  drmkaud - ok
21:38:43.0976 4936  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:38:44.0023 4936  DXGKrnl - ok
21:38:44.0054 4936  EagleX64 - ok
21:38:44.0085 4936  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:38:44.0132 4936  EapHost - ok
21:38:44.0226 4936  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:38:44.0288 4936  ebdrv - ok
21:38:44.0319 4936  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:38:44.0335 4936  EFS - ok
21:38:44.0397 4936  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:38:44.0428 4936  ehRecvr - ok
21:38:44.0460 4936  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:38:44.0475 4936  ehSched - ok
21:38:44.0506 4936  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:38:44.0522 4936  elxstor - ok
21:38:44.0631 4936  [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:38:44.0694 4936  ePowerSvc - ok
21:38:44.0709 4936  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:38:44.0725 4936  ErrDev - ok
21:38:44.0772 4936  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:38:44.0818 4936  EventSystem - ok
21:38:44.0881 4936  [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
21:38:44.0896 4936  ewusbmbb - ok
21:38:44.0943 4936  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:38:44.0974 4936  ew_hwusbdev - ok
21:38:45.0006 4936  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:38:45.0037 4936  exfat - ok
21:38:45.0052 4936  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:38:45.0099 4936  fastfat - ok
21:38:45.0162 4936  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:38:45.0193 4936  Fax - ok
21:38:45.0224 4936  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:38:45.0240 4936  fdc - ok
21:38:45.0271 4936  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:38:45.0302 4936  fdPHost - ok
21:38:45.0318 4936  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:38:45.0364 4936  FDResPub - ok
21:38:45.0380 4936  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:38:45.0396 4936  FileInfo - ok
21:38:45.0411 4936  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:38:45.0458 4936  Filetrace - ok
21:38:45.0474 4936  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:38:45.0489 4936  flpydisk - ok
21:38:45.0536 4936  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:38:45.0567 4936  FltMgr - ok
21:38:45.0614 4936  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:38:45.0630 4936  FontCache - ok
21:38:45.0708 4936  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:38:45.0723 4936  FontCache3.0.0.0 - ok
21:38:45.0739 4936  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:38:45.0754 4936  FsDepends - ok
21:38:45.0786 4936  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:38:45.0801 4936  Fs_Rec - ok
21:38:45.0848 4936  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:38:45.0864 4936  fvevol - ok
21:38:45.0879 4936  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:38:45.0895 4936  gagp30kx - ok
21:38:45.0957 4936  Giraffic - ok
21:38:46.0004 4936  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:38:46.0066 4936  gpsvc - ok
21:38:46.0066 4936  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:38:46.0082 4936  hcw85cir - ok
21:38:46.0129 4936  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:38:46.0160 4936  HdAudAddService - ok
21:38:46.0207 4936  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:38:46.0222 4936  HDAudBus - ok
21:38:46.0238 4936  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:38:46.0254 4936  HidBatt - ok
21:38:46.0269 4936  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:38:46.0285 4936  HidBth - ok
21:38:46.0300 4936  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:38:46.0316 4936  HidIr - ok
21:38:46.0347 4936  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
21:38:46.0378 4936  hidserv - ok
21:38:46.0425 4936  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:38:46.0441 4936  HidUsb - ok
21:38:46.0472 4936  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:38:46.0503 4936  hkmsvc - ok
21:38:46.0550 4936  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:38:46.0581 4936  HomeGroupListener - ok
21:38:46.0612 4936  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:38:46.0628 4936  HomeGroupProvider - ok
21:38:46.0659 4936  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:38:46.0675 4936  HpSAMD - ok
21:38:46.0737 4936  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:38:46.0815 4936  HTTP - ok
21:38:46.0862 4936  [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:38:46.0878 4936  huawei_enumerator - ok
21:38:46.0924 4936  [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:38:46.0940 4936  hwdatacard - ok
21:38:47.0018 4936  [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
21:38:47.0034 4936  HWDeviceService64.exe - ok
21:38:47.0065 4936  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:38:47.0080 4936  hwpolicy - ok
21:38:47.0127 4936  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:38:47.0143 4936  i8042prt - ok
21:38:47.0205 4936  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:38:47.0268 4936  IAANTMON - ok
21:38:47.0283 4936  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:38:47.0330 4936  iaStor - ok
21:38:47.0392 4936  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:38:47.0424 4936  iaStorV - ok
21:38:47.0502 4936  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:38:47.0502 4936  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:38:47.0502 4936  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:38:47.0564 4936  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:38:47.0595 4936  idsvc - ok
21:38:47.0767 4936  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:38:47.0860 4936  igfx - ok
21:38:47.0923 4936  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:38:47.0954 4936  iirsp - ok
21:38:48.0001 4936  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:38:48.0048 4936  IKEEXT - ok
21:38:48.0126 4936  [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:38:48.0188 4936  IntcAzAudAddService - ok
21:38:48.0204 4936  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:38:48.0219 4936  intelide - ok
21:38:48.0235 4936  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:38:48.0250 4936  intelppm - ok
21:38:48.0282 4936  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:38:48.0328 4936  IPBusEnum - ok
21:38:48.0360 4936  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:38:48.0406 4936  IpFilterDriver - ok
21:38:48.0438 4936  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:38:48.0453 4936  iphlpsvc - ok
21:38:48.0484 4936  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:38:48.0500 4936  IPMIDRV - ok
21:38:48.0516 4936  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:38:48.0562 4936  IPNAT - ok
21:38:48.0578 4936  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:38:48.0594 4936  IRENUM - ok
21:38:48.0625 4936  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:38:48.0656 4936  isapnp - ok
21:38:48.0703 4936  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:38:48.0734 4936  iScsiPrt - ok
21:38:48.0781 4936  [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
21:38:48.0828 4936  k57nd60a - ok
21:38:48.0843 4936  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:38:48.0859 4936  kbdclass - ok
21:38:48.0906 4936  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:38:48.0937 4936  kbdhid - ok
21:38:48.0952 4936  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:38:48.0968 4936  KeyIso - ok
21:38:48.0999 4936  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:38:49.0015 4936  KSecDD - ok
21:38:49.0046 4936  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:38:49.0062 4936  KSecPkg - ok
21:38:49.0093 4936  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:38:49.0124 4936  ksthunk - ok
21:38:49.0155 4936  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:38:49.0202 4936  KtmRm - ok
21:38:49.0233 4936  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
21:38:49.0249 4936  L1E - ok
21:38:49.0280 4936  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:38:49.0327 4936  LanmanServer - ok
21:38:49.0374 4936  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:38:49.0420 4936  LanmanWorkstation - ok
21:38:49.0452 4936  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:38:49.0498 4936  lltdio - ok
21:38:49.0530 4936  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:38:49.0576 4936  lltdsvc - ok
21:38:49.0592 4936  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:38:49.0639 4936  lmhosts - ok
21:38:49.0654 4936  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:38:49.0670 4936  LSI_FC - ok
21:38:49.0670 4936  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:38:49.0686 4936  LSI_SAS - ok
21:38:49.0701 4936  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:38:49.0717 4936  LSI_SAS2 - ok
21:38:49.0717 4936  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:38:49.0732 4936  LSI_SCSI - ok
21:38:49.0748 4936  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:38:49.0795 4936  luafv - ok
21:38:49.0826 4936  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:38:49.0842 4936  Mcx2Svc - ok
21:38:49.0842 4936  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:38:49.0857 4936  megasas - ok
21:39:05.0098 4936  ================ Scan global ===============================
21:39:05.0130 4936  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:39:05.0161 4936  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:39:05.0192 4936  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:39:05.0223 4936  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:39:05.0239 4936  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:39:05.0254 4936  [Global] - ok
21:39:05.0254 4936  ================ Scan MBR ==================================
21:39:05.0270 4936  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:39:05.0629 4936  \Device\Harddisk0\DR0 - ok
21:39:05.0629 4936  ================ Scan VBR ==================================
21:39:05.0644 4936  [ A39B7E003E1F081B49683BD751B9EEC6 ] \Device\Harddisk0\DR0\Partition1
21:39:05.0644 4936  \Device\Harddisk0\DR0\Partition1 - ok
21:39:05.0676 4936  [ F9C24D5018DD082117AD820B8513D8EA ] \Device\Harddisk0\DR0\Partition2
21:39:05.0676 4936  \Device\Harddisk0\DR0\Partition2 - ok
21:39:05.0676 4936  ============================================================
21:39:05.0676 4936  Scan finished
21:39:05.0676 4936  ============================================================
21:39:05.0691 3848  Detected object count: 2
21:39:05.0691 3848  Actual detected object count: 2
21:39:15.0613 3848  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:39:15.0613 3848  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
21:39:15.0613 3848  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:15.0613 3848  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
PS: Today the laptop updated itself spontaneously.

Alt 16.05.2013, 21:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labeled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________
Please always post logfiles in CODE tags

Alt 16.05.2013, 23:08   #9
unkreativ
 



JRT Logfile
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by NoPC on 17.05.2013 at  0:01:41,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\NoPC\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\minidumps [340 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2013 at  0:06:35,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Adwcleaner Logfile
Code:
# Benutzer : NoPC - NOPC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\NoPC\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\NoPC\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\NoPC\AppData\Roaming\Mozilla\Firefox\Profiles\g2t79mkl.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3510 octets] - [17/05/2013 00:09:26]
AdwCleaner[S1].txt - [3451 octets] - [17/05/2013 00:10:27]

########## EOF - C:\AdwCleaner[S1].txt - [3511 octets] ##########
         
OTL Logfile
Code:
OTL logfile created on: 17.05.2013 00:16:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\NoPC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,51% Memory free
7,99 Gb Paging File | 6,82 Gb Available in Paging File | 85,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 294,88 Gb Free Space | 64,96% Space Free | Partition Type: NTFS
 
Computer Name: NOPC-PC | User Name: NoPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\NoPC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\NoPC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\drivers\StkCMini.sys (Syntek)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: trackerblock%40privacychoice.org:2.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.xx.xx: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:32:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:32:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:32:22 | 000,000,000 | ---D | M]
 
[2012.05.11 16:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\Extensions
[2013.05.17 00:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\Firefox\Profiles\g2t79mkl.default\extensions
[2013.04.30 21:51:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\NoPC\AppData\Roaming\mozilla\Firefox\Profiles\g2t79mkl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.13 17:13:19 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\trackerblock@privacychoice.org.xpi
[2013.05.09 19:12:12 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.09 09:11:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.13 17:08:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.04.11 23:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 23:32:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.02 00:31:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.02 00:31:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.02 00:31:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.02 00:31:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.02 00:31:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.02 00:31:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.16 00:17:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-197116359-2089510335-3275323253-1000..\Run: [Akamai NetSession Interface] C:\Users\NoPC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C6007F-2EF5-48E8-B90E-DC2A022B68A2}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A5A97B9-B5E0-47E1-A3BD-05EB7D097894}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C920DCA4-A539-423A-B398-6E33C5D5C0AF}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D178080C-AFF7-41EA-B3AB-1DB549356106}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD6E47CD-C754-429F-9A7B-45C9DCD8DFE8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 00:01:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.17 00:01:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.16 21:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 20:58:51 | 000,000,000 | ---D | C] -- C:\Users\NoPC\Desktop\aswmbr
[2013.05.16 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\NoPC\Desktop\tdss
[2013.05.16 20:58:39 | 000,000,000 | ---D | C] -- C:\Users\NoPC\Desktop\mbar
[2013.05.16 08:33:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 08:33:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 08:33:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 08:33:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 08:33:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 08:33:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 08:33:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 08:33:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 08:33:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 08:33:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 08:33:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 08:33:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 08:33:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 08:33:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 08:33:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 08:11:27 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 08:11:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 08:11:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.16 08:11:16 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 08:11:16 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 08:11:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 08:11:16 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 08:04:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.16 00:35:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.16 00:03:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.16 00:03:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.16 00:03:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.16 00:02:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.16 00:02:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.10 16:46:01 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.09 22:40:44 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Roaming\Avira
[2013.05.09 22:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.09 22:39:05 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.09 22:39:05 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.09 22:39:05 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.09 22:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.04.29 18:00:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.26 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Roaming\Skype
[2013.04.26 16:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.04.20 15:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.20 15:51:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.20 15:51:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.20 15:51:43 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.19 17:51:29 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Local\Microsoft Games
[2013.04.17 14:56:57 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Roaming\SynthMaker
[2009.08.22 10:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 00:19:13 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 00:19:13 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 00:18:02 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.17 00:18:02 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.17 00:18:02 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.17 00:18:02 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.17 00:18:02 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.17 00:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 00:11:32 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 21:32:48 | 000,000,512 | ---- | M] () -- C:\Users\NoPC\Desktop\MBR.dat
[2013.05.16 21:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 10:43:09 | 000,365,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 00:17:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.15 13:49:52 | 000,000,000 | ---- | M] () -- C:\Users\NoPC\defogger_reenable
[2013.05.15 12:24:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 12:24:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.10 16:45:42 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.09 22:39:14 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.04 12:44:46 | 008,805,738 | ---- | M] () -- C:\Users\NoPC\Desktop\Creutzfeld_Jakob_-_Partner.mp4
[2013.05.04 12:40:33 | 014,226,389 | ---- | M] () -- C:\Users\NoPC\Desktop\Mistahnice_ft._Lakmann_One_-_Psychiater_Videopremiere.mp4
[2013.04.30 21:57:30 | 006,586,659 | ---- | M] () -- C:\Users\NoPC\Desktop\A.Paul_-_Other_Worlds_The_Advent_Industrialyzer_Remix.mp4
[2013.04.30 21:57:15 | 006,213,982 | ---- | M] () -- C:\Users\NoPC\Desktop\Redhead_-_Dark_Angel_The_Advent_Industrialyzer_Remix.mp4
[2013.04.30 21:57:04 | 007,572,660 | ---- | M] () -- C:\Users\NoPC\Desktop\Markantonio_-_Dark_Day_The_Advent_Industrialyzer_Remix.mp4
[2013.04.30 21:56:47 | 007,318,243 | ---- | M] () -- C:\Users\NoPC\Desktop\Ben_Sims_-_Welcome_to_the_Club_The_Advent_Industrialyzer.mp4
[2013.04.30 21:55:48 | 006,195,271 | ---- | M] () -- C:\Users\NoPC\Desktop\Advent_Industrialyzer_The_-_Hybrid_AD-IN_Mix.mp4
[2013.04.30 21:55:38 | 014,107,212 | ---- | M] () -- C:\Users\NoPC\Desktop\Inna_Ft_The_Advent_Industrialyzer_--_Dr_Slax.mp4
[2013.04.29 18:00:14 | 360,889,576 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.19 16:53:47 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.16 21:32:48 | 000,000,512 | ---- | C] () -- C:\Users\NoPC\Desktop\MBR.dat
[2013.05.16 00:03:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.16 00:03:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.16 00:03:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.16 00:03:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.16 00:03:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.15 13:49:52 | 000,000,000 | ---- | C] () -- C:\Users\NoPC\defogger_reenable
[2013.05.09 22:39:14 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.04 12:44:10 | 008,805,738 | ---- | C] () -- C:\Users\NoPC\Desktop\Creutzfeld_Jakob_-_Partner.mp4
[2013.05.04 12:39:45 | 014,226,389 | ---- | C] () -- C:\Users\NoPC\Desktop\Mistahnice_ft._Lakmann_One_-_Psychiater_Videopremiere.mp4
[2013.04.30 21:57:18 | 006,586,659 | ---- | C] () -- C:\Users\NoPC\Desktop\A.Paul_-_Other_Worlds_The_Advent_Industrialyzer_Remix.mp4
[2013.04.30 21:56:59 | 006,213,982 | ---- | C] () -- C:\Users\NoPC\Desktop\Redhead_-_Dark_Angel_The_Advent_Industrialyzer_Remix.mp4
[2013.04.30 21:56:33 | 007,572,660 | ---- | C] () -- C:\Users\NoPC\Desktop\Markantonio_-_Dark_Day_The_Advent_Industrialyzer_Remix.mp4
[2013.04.30 21:56:27 | 007,318,243 | ---- | C] () -- C:\Users\NoPC\Desktop\Ben_Sims_-_Welcome_to_the_Club_The_Advent_Industrialyzer.mp4
[2013.04.30 21:55:39 | 006,195,271 | ---- | C] () -- C:\Users\NoPC\Desktop\Advent_Industrialyzer_The_-_Hybrid_AD-IN_Mix.mp4
[2013.04.30 21:55:14 | 014,107,212 | ---- | C] () -- C:\Users\NoPC\Desktop\Inna_Ft_The_Advent_Industrialyzer_--_Dr_Slax.mp4
[2013.04.29 18:00:14 | 360,889,576 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.04 22:05:24 | 000,000,696 | ---- | C] () -- C:\Users\NoPC\Bibliotheken - Verknüpfung.lnk
[2013.01.23 20:40:13 | 000,000,043 | ---- | C] () -- C:\Users\NoPC\jagex_cl_runescape_LIVE.dat
[2013.01.23 20:40:13 | 000,000,024 | ---- | C] () -- C:\Users\NoPC\random.dat
[2013.01.08 19:38:09 | 000,001,689 | ---- | C] () -- C:\Users\NoPC\AppData\Local\recently-used.xbel
[2012.12.23 18:32:52 | 000,078,906 | ---- | C] () -- C:\Users\NoPC\Truth.jpg.svg
[2012.12.23 18:32:26 | 000,192,379 | ---- | C] () -- C:\Users\NoPC\Truth.png
[2012.12.23 18:32:03 | 000,078,913 | ---- | C] () -- C:\Users\NoPC\Truth.svg
[2012.10.20 20:18:51 | 000,003,584 | ---- | C] () -- C:\Users\NoPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.14 14:54:40 | 000,000,000 | ---- | C] () -- C:\Users\NoPC\AppData\Roaming\wklnhst.dat
[2012.08.24 13:49:44 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.08.24 13:49:04 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2012.06.20 19:13:16 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2012.06.03 10:25:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.24 08:31:56 | 000,000,730 | ---- | C] () -- C:\Users\NoPC\.lmmsrc.xml
[2012.05.11 23:29:32 | 000,001,768 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.05.11 19:20:25 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.05.11 14:20:50 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.05.11 14:20:50 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.05.11 14:20:50 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.05.11 14:20:50 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.05.11 14:01:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras Logfile
Code:
OTL Extras logfile created on: 17.05.2013 00:16:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\NoPC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 73,51% Memory free
7,99 Gb Paging File | 6,82 Gb Available in Paging File | 85,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 294,88 Gb Free Space | 64,96% Space Free | Partition Type: NTFS
 
Computer Name: NOPC-PC | User Name: NoPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EE0B9C-9D3E-44DE-A2A0-B6DBE850B704}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0585F5A0-F8E6-4130-9108-3A1A9E2B1434}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{27576987-73B2-41BF-B26B-D0B56E8EB4FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E66EC7B-3C59-419B-99F3-29FE9DE29E3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80C93C48-6BA7-43F1-8033-3185FC04FA4F}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{9273ED9B-F116-476A-AA4B-AFBFDE721019}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9DFAA846-49DB-4BEC-8E4E-D45A21AFC7F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A19918D9-8836-4062-A018-686571902730}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AEE4D7E1-00DE-4BA9-9423-7A0C3CD77734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D4F7E4E2-0022-46AF-AA76-C1FFD21300B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3AD96FE-7900-410F-B0F4-698B54870A23}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{E873AF70-7736-441E-BF87-59CFE08C92A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC08F53A-92BD-43CE-A6EB-67BD85EE45BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F9FB0254-59D8-4427-9BDC-0A087D5F52B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CA1E5A-57F9-4383-AC2F-D07423C88E7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03AE5CFA-812C-49A7-B003-3585DA88DD3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{05F5BDDB-7787-4E22-982F-11AC7BDBF50D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B0E9439-33AB-47B0-B661-79D4DD96C4F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DB6F52F-2488-4615-B42D-CC238964C6BE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{14E0DE49-A077-427F-92F1-8918EDD9BC20}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{292186E0-8113-44A1-8EC5-44D7F34021EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2A9D671B-2CC4-4786-B5FB-FF12E62C4E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{2EE41268-558B-4F0D-AE7A-4A2545636B22}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe | 
"{33231F7B-FF41-42AA-B2C3-EDE376F1A194}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A57332E-A328-4A88-AF04-4E534133CFA0}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{484303D0-D0EA-4BC2-BEC1-1076C1A7E6E8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{4DA68962-99E2-4FC8-A9B3-8A307BF75B0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5603324D-BFB9-456B-88D9-9A2D9382C4C2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{622CB805-FA66-4A57-B285-7DB52648A397}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{632ECBDF-18A7-468B-B8F2-9972F29F9F79}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{639B2E4D-441F-44F3-B956-7C5CD77A51B3}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{6751D389-C3AF-4F20-9C08-E1F3932F6A28}" = protocol=6 | dir=out | app=system | 
"{709F98C6-1B56-469C-AA7C-7E33F537B2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{8140828E-A7CB-4CA0-9590-D06DF09A673E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81FCDC12-A3B5-4FDB-90C1-93D6351C930F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83222BC9-A721-485C-8150-A462DCF28E92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{9038A1E5-E980-40EA-932C-80769EEEB60A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{9682E930-041F-4951-AC3F-64256D293DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\robinho18\counter-strike source\hl2.exe | 
"{9BD6AE55-D411-430E-907D-5FAAA462D7FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{9FDC6C0B-AF01-4FFA-AC9B-3FCF28B99A90}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{A2194679-5DE0-4C64-A555-300A42CE3403}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{A5A48B92-8A06-46CC-AB98-D30EDF70F628}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AA2790EA-B507-49FA-BBB5-E18A2C7710BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B9C078BF-109E-4A86-B96A-35EFC390FA92}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C58A5625-8809-4490-88A8-66B2FCF07DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C90FC48B-F70D-484E-A7B5-5B5031DC34CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D8AABB03-CA8D-478A-9763-5281D43A0491}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D8C1F067-2EE8-4515-8D6C-44AF31E09380}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DD93BF5A-C076-4E4F-96CB-44B9C188D11E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\robinho18\counter-strike source\hl2.exe | 
"{DEDAD74F-3B19-41D3-AE49-C6DE6E952A7B}" = protocol=6 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
"{E92CFDEC-F27D-46FA-9A83-F871CF84EAC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED0949E5-65D9-4419-94E5-04674E2854F6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F46E6E1C-9343-45E1-98DB-C5BC867F7AF8}" = protocol=17 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{62AD7816-3C54-42C9-88A9-E27428A54C3D}C:\users\nopc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{87A5F5B6-AD6D-4221-A411-3313F58D5236}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{9B2F79D1-044F-4E89-B7DF-3115944C5CDA}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{A732350C-5C1F-4F45-A392-E24268729341}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C3CC043C-3C5E-469F-BE1E-6E492DC8322A}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{F5CEF5D5-283A-46DD-A62A-F628AF06AA35}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{AE25888A-089F-4D77-9CD8-76376C7E2E22}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{DBB8FF57-37C2-41BF-BA0B-C213DAAD7468}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{DD272DD7-5382-4490-AE97-D5182E8F3F1B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DDDCB4A7-13E2-4C52-80FB-4283DF15368D}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{F0D8B6C7-E76A-4E12-AE98-1438997AB014}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{FFDA0107-7A9A-4DE0-AB65-B99E4F069F36}C:\users\nopc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{33037348-6BB9-59EA-80DE-8D7E0E906B83}" = ccc-utility64
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{09B14334-89FF-B11A-5D9B-14BBA2D8A4C3}" = CCC Help Hungarian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{19992AF5-2780-7E2C-100D-0A300A22DB6F}" = CCC Help Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A3048B1-28C0-5231-B071-7BA3FBF2EF6B}" = CCC Help German
"{2F76BE0B-11EF-593F-FD8B-52C1EDEFD99F}" = CCC Help English
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D542863-7E63-D988-168A-48C48B9B7A9B}" = Catalyst Control Center Graphics Light
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE958E0-0656-FC87-1D7E-B7143AC235E7}" = CCC Help Spanish
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{557FCE92-4537-6C23-7489-E5836908EB76}" = Catalyst Control Center Core Implementation
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5E174F7A-245B-D9A1-0FB1-5DEB3E7C4AFA}" = CCC Help Italian
"{5E3AE725-CACE-9016-D454-02B91CD33C75}" = CCC Help Chinese Traditional
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F25EB2C-0972-8528-7DEA-9FCAE8AA026E}" = Catalyst Control Center Graphics Full New
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}" = Audials
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7A3A514C-B4B2-C5B3-FDF9-12329E6E92BC}" = Catalyst Control Center Localization All
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8297136B-D69B-21F8-EA06-6527B4D2080F}" = CCC Help Czech
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8CD57F82-FFF4-13F7-F854-976E34CBDDF8}" = Catalyst Control Center Graphics Previews Vista
"{8DAB0DFE-093F-4C77-5301-59C394EE8FA0}" = CCC Help Norwegian
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A05CA92F-4FE3-7129-6963-03AA82FB8817}" = CCC Help Portuguese
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ
"{A9A51417-934D-EB1E-705B-276F9C3749D7}" = CCC Help Swedish
"{A9DD5F30-96A2-CDF5-FDEA-0A11BF14AFB2}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AE65393D-F007-E7F6-BD5E-A5B7CB65FACB}" = CCC Help Dutch
"{B70EC123-01CE-94B9-433D-85696F5D4453}" = CCC Help Greek
"{C1877FF5-519A-C207-A5E9-4E692174FE4A}" = ccc-core-static
"{D4519837-7F74-4DB3-36AF-94CDC3511F7A}" = CCC Help Japanese
"{D74163DC-0BF1-0A8F-BA2E-D3B5ACD4D9D9}" = CCC Help Polish
"{D93AC7DC-EC2C-96A7-0733-07B05BD710CE}" = CCC Help Thai
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DA79E283-89F5-D6A5-6D0B-D55FD8721668}" = CCC Help Finnish
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.5.5
"{E78A0DB3-74D6-F576-331F-33780D1D8D7E}" = Catalyst Control Center Graphics Full Existing
"{E88CF135-CB50-319C-8268-1BED4261FDB2}" = CCC Help Chinese Standard
"{EB6DA76C-AA15-91FE-E6D7-A2B3ED4F6E29}" = CCC Help Danish
"{EC4B8E73-EB41-0386-8C39-7F6FC2CFD840}" = CCC Help Russian
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEE4B066-28B3-145F-CEB6-2D47F2A83E3D}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Black Mirror_is1" = Black Mirror 1.2
"Deckadance" = Deckadance
"Desura" = Desura
"Desura_83146271883296" = Desura: Mortal Online
"Diablo II" = Diablo II
"FL Studio 10" = FL Studio 10
"Giraffic" = Veoh Giraffic Video Accelerator
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.19
"GridVista" = Acer GridVista
"HyperCam 3" = HyperCam 3
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LAME_is1" = LAME v3.99.3 (for Windows)
"LManager" = Launch Manager
"LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PakkISO_is1" = PakkISO 0.4
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"Steam App 240" = Counter-Strike: Source
"Steam App 630" = Alien Swarm
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Inkscape" = Inkscape 0.48.3.1
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 16.05.2013 18:11:48 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 16.05.2013 18:11:48 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
Finally, one more question: Has anything so far pointed to remote hacking, or have you found any indications or facts?

Hello, I've been reading up on the side and learned a bit about netstat in this context.
I wanted to let you know that "netstat -an" lists ports 49152 - 49155, 49167 and 49186 with the status "Abhören" (listening); the remote address is 0 in those cases. Maybe I could take a screenshot and post it; there are a few other protocols there that look suspicious.
Regards

(Editing doesn't work)
PS: I would of course post the netstat info as CODE.

Edited by unkreativ (16.05.2013 at 23:31)

20.05.2013, 13:10   #10
unkreativ



Here is a netstat -ano from just now:
Code:
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status           PID
  TCP    0.0.0.0:135            0.0.0.0:0              ABHÖREN         756
  TCP    0.0.0.0:445            0.0.0.0:0              ABHÖREN         4
  TCP    0.0.0.0:554            0.0.0.0:0              ABHÖREN         3772
  TCP    0.0.0.0:2869           0.0.0.0:0              ABHÖREN         4
  TCP    0.0.0.0:5151           0.0.0.0:0              ABHÖREN         1924
  TCP    0.0.0.0:5357           0.0.0.0:0              ABHÖREN         4
  TCP    0.0.0.0:10243          0.0.0.0:0              ABHÖREN         4
  TCP    0.0.0.0:49152          0.0.0.0:0              ABHÖREN         500
  TCP    0.0.0.0:49153          0.0.0.0:0              ABHÖREN         912
  TCP    0.0.0.0:49154          0.0.0.0:0              ABHÖREN         1004
  TCP    0.0.0.0:49155          0.0.0.0:0              ABHÖREN         572
  TCP    0.0.0.0:49169          0.0.0.0:0              ABHÖREN         556
  TCP    0.0.0.0:49408          0.0.0.0:0              ABHÖREN         2744
  TCP    127.0.0.1:9421         0.0.0.0:0              ABHÖREN         2744
  TCP    127.0.0.1:9422         0.0.0.0:0              ABHÖREN         2744
  TCP    127.0.0.1:9423         0.0.0.0:0              ABHÖREN         2744
  TCP    127.0.0.1:49594        127.0.0.1:49595        HERGESTELLT     4252
  TCP    127.0.0.1:49595        127.0.0.1:49594        HERGESTELLT     4252
  TCP    127.0.0.1:54321        0.0.0.0:0              ABHÖREN         1840
  TCP    192.168.178.22:139     0.0.0.0:0              ABHÖREN         4
  TCP    192.168.178.22:49404   217.212.238.125:443    HERGESTELLT     2744
  TCP    192.168.178.22:49607   206.19.49.154:80       WARTEND         0
  TCP    192.168.178.22:49612   174.35.67.53:80        WARTEND         0
  TCP    192.168.178.22:49613   2.22.61.66:80          HERGESTELLT     1104
  TCP    [::]:135               [::]:0                 ABHÖREN         756
  TCP    [::]:445               [::]:0                 ABHÖREN         4
  TCP    [::]:554               [::]:0                 ABHÖREN         3772
  TCP    [::]:2869              [::]:0                 ABHÖREN         4
  TCP    [::]:5357              [::]:0                 ABHÖREN         4
  TCP    [::]:10243             [::]:0                 ABHÖREN         4
  TCP    [::]:49152             [::]:0                 ABHÖREN         500
  TCP    [::]:49153             [::]:0                 ABHÖREN         912
  TCP    [::]:49154             [::]:0                 ABHÖREN         1004
  TCP    [::]:49155             [::]:0                 ABHÖREN         572
  TCP    [::]:49169             [::]:0                 ABHÖREN         556
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49525  [2a00:1450:4001:c02::be]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49528  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49539  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49541  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49545  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49547  [2a00:1450:4001:c02::65]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49550  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49552  [2607:f8b0:400a:801::100f]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49567  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49571  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49572  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49573  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49575  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49579  [2a00:1450:4001:c02::65]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49580  [2a00:1450:4001:c02::84]:443  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49584  [2a00:1450:4001:c02::64]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49585  [2a00:1450:4001:c02::84]:443  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49586  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49587  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49588  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49589  [2a00:1450:4001:c02::8b]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49590  [2a00:1450:4001:c02::84]:443  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49591  [2a00:1450:4001:c02::84]:443  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49592  [2a00:1450:400e:c::13]:80  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49596  [2a00:1450:4016:801::1011]:443  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49597  [2a00:1450:4016:801::1011]:443  HERGESTELLT     4252
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49598  [2a00:1450:4016:801::1017]:443  HERGESTELLT     4252
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49599  [2a00:1450:4016:801::1017]:443  WARTEND         0
  TCP    [2a02:908:f53a:500:451:a50a:59a9:1cd0]:49601  [2a00:1450:4001:c02::78]:443  HERGESTELLT     4252
  UDP    0.0.0.0:500            *:*                                    1004
  UDP    0.0.0.0:3702           *:*                                    3432
  UDP    0.0.0.0:3702           *:*                                    492
  UDP    0.0.0.0:3702           *:*                                    3432
  UDP    0.0.0.0:3702           *:*                                    492
  UDP    0.0.0.0:4500           *:*                                    1004
  UDP    0.0.0.0:5004           *:*                                    3772
  UDP    0.0.0.0:5005           *:*                                    3772
  UDP    0.0.0.0:5355           *:*                                    1104
  UDP    0.0.0.0:60672          *:*                                    3432
  UDP    0.0.0.0:62415          *:*                                    2744
  UDP    0.0.0.0:62416          *:*                                    2744
  UDP    0.0.0.0:62708          *:*                                    492
  UDP    127.0.0.1:1900         *:*                                    3432
  UDP    127.0.0.1:49273        *:*                                    3432
  UDP    127.0.0.1:55831        *:*                                    3156
  UDP    127.0.0.1:57007        *:*                                    1664
  UDP    127.0.0.1:63022        *:*                                    2744
  UDP    127.0.0.1:64173        *:*                                    1840
  UDP    127.0.0.1:64461        *:*                                    2744
  UDP    192.168.178.22:137     *:*                                    4
  UDP    192.168.178.22:138     *:*                                    4
  UDP    192.168.178.22:1900    *:*                                    3432
  UDP    192.168.178.22:49272   *:*                                    3432
  UDP    192.168.178.22:55276   *:*                                    1840
  UDP    [::]:500               *:*                                    1004
  UDP    [::]:3702              *:*                                    492
  UDP    [::]:3702              *:*                                    3432
  UDP    [::]:3702              *:*                                    3432
  UDP    [::]:3702              *:*                                    492
  UDP    [::]:4500              *:*                                    1004
  UDP    [::]:5004              *:*                                    3772
  UDP    [::]:5005              *:*                                    3772
  UDP    [::]:5355              *:*                                    1104
  UDP    [::]:60673             *:*                                    3432
  UDP    [::]:62709             *:*                                    492
  UDP    [::1]:1900             *:*                                    3432
  UDP    [::1]:49271            *:*                                    3432
  UDP    [fe80::c023:e121:dc70:5c38%11]:1900  *:*                                    3432
  UDP    [fe80::c023:e121:dc70:5c38%11]:49270  *:*                                    3432
         
Regards

20.05.2013, 23:24   #11
cosinus



Sorry, I overlooked your thread. Please create new OTL logs.
And please forget about netstat; you can't see malware with it.
__________________
Please always post log files in CODE tags

21.05.2013, 12:29   #12
unkreativ



So, here are the new logs:
Code:
OTL logfile created on: 21.05.2013 13:14:46 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\NoPC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 73,02% Memory free
7,99 Gb Paging File | 6,79 Gb Available in Paging File | 85,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 294,20 Gb Free Space | 64,81% Space Free | Partition Type: NTFS
 
Computer Name: NOPC-PC | User Name: NoPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\NoPC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\NoPC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (Mobile Partner. RunOuc) -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\drivers\StkCMini.sys (Syntek)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=273605129216l03e8z195t4701w182
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: trackerblock%40privacychoice.org:2.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.xx.xx: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:32:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:32:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:32:22 | 000,000,000 | ---D | M]
 
[2012.05.11 16:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\Extensions
[2013.05.17 00:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\Firefox\Profiles\g2t79mkl.default\extensions
[2013.04.30 21:51:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\NoPC\AppData\Roaming\mozilla\Firefox\Profiles\g2t79mkl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.13 17:13:19 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\trackerblock@privacychoice.org.xpi
[2013.05.09 19:12:12 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.09 09:11:07 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.13 17:08:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\NoPC\AppData\Roaming\mozilla\firefox\profiles\g2t79mkl.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.04.11 23:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 23:32:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.02 00:31:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.02 00:31:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.02 00:31:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.02 00:31:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.02 00:31:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.02 00:31:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.16 00:17:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-197116359-2089510335-3275323253-1000..\Run: [Akamai NetSession Interface] C:\Users\NoPC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C6007F-2EF5-48E8-B90E-DC2A022B68A2}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A5A97B9-B5E0-47E1-A3BD-05EB7D097894}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C920DCA4-A539-423A-B398-6E33C5D5C0AF}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D178080C-AFF7-41EA-B3AB-1DB549356106}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD6E47CD-C754-429F-9A7B-45C9DCD8DFE8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 00:23:21 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Roaming\Wireshark
[2013.05.18 17:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.05.18 17:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.05.18 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2013.05.17 00:01:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.17 00:01:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.16 21:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 08:33:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 08:33:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 08:33:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 08:33:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 08:33:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 08:33:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 08:33:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 08:33:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 08:33:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 08:33:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 08:33:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 08:33:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 08:33:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 08:33:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 08:33:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 08:11:27 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 08:11:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 08:11:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.16 08:11:16 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 08:11:16 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 08:11:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 08:11:16 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 08:04:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.16 00:35:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.16 00:03:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.16 00:03:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.16 00:03:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.16 00:02:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.16 00:02:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.10 16:46:01 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.09 22:40:44 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Roaming\Avira
[2013.05.09 22:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.09 22:39:05 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.09 22:39:05 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.09 22:39:05 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.09 22:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.04.29 18:00:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.26 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\NoPC\AppData\Roaming\Skype
[2013.04.26 16:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009.08.22 10:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.21 13:18:35 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 13:18:35 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 13:16:05 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.21 13:16:05 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.21 13:16:05 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.21 13:16:05 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.21 13:16:05 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.21 13:09:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.21 13:09:50 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 00:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.20 22:12:14 | 001,033,220 | ---- | M] () -- C:\Users\NoPC\Desktop\capture2005_2212.pcapng
[2013.05.20 19:01:08 | 000,024,896 | ---- | M] () -- C:\Users\NoPC\Desktop\capture2005_1901.pcapng
[2013.05.20 14:00:24 | 000,014,572 | ---- | M] () -- C:\Users\NoPC\Desktop\capture2005_1400.pcapng
[2013.05.20 00:21:30 | 000,108,120 | ---- | M] () -- C:\Users\NoPC\Documents\capture2205_0021.pcapng
[2013.05.18 17:22:04 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2013.05.16 10:43:09 | 000,365,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 00:17:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.15 13:49:52 | 000,000,000 | ---- | M] () -- C:\Users\NoPC\defogger_reenable
[2013.05.15 12:24:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 12:24:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.10 16:45:42 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.09 22:39:14 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.29 18:00:14 | 360,889,576 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.05.20 22:12:14 | 001,033,220 | ---- | C] () -- C:\Users\NoPC\Desktop\capture2005_2212.pcapng
[2013.05.20 19:01:08 | 000,024,896 | ---- | C] () -- C:\Users\NoPC\Desktop\capture2005_1901.pcapng
[2013.05.20 14:00:24 | 000,014,572 | ---- | C] () -- C:\Users\NoPC\Desktop\capture2005_1400.pcapng
[2013.05.20 00:21:30 | 000,108,120 | ---- | C] () -- C:\Users\NoPC\Documents\capture2205_0021.pcapng
[2013.05.18 17:22:04 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013.05.18 17:22:04 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2013.05.16 00:03:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.16 00:03:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.16 00:03:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.16 00:03:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.16 00:03:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.15 13:49:52 | 000,000,000 | ---- | C] () -- C:\Users\NoPC\defogger_reenable
[2013.05.09 22:39:14 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.29 18:00:14 | 360,889,576 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.04 22:05:24 | 000,000,696 | ---- | C] () -- C:\Users\NoPC\Bibliotheken - Verknüpfung.lnk
[2013.01.23 20:40:13 | 000,000,043 | ---- | C] () -- C:\Users\NoPC\jagex_cl_runescape_LIVE.dat
[2013.01.23 20:40:13 | 000,000,024 | ---- | C] () -- C:\Users\NoPC\random.dat
[2013.01.08 19:38:09 | 000,001,689 | ---- | C] () -- C:\Users\NoPC\AppData\Local\recently-used.xbel
[2012.10.20 20:18:51 | 000,003,584 | ---- | C] () -- C:\Users\NoPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.14 14:54:40 | 000,000,000 | ---- | C] () -- C:\Users\NoPC\AppData\Roaming\wklnhst.dat
[2012.08.24 13:49:44 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin
[2012.08.24 13:49:04 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin
[2012.06.20 19:13:16 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2012.06.03 10:25:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.24 08:31:56 | 000,000,730 | ---- | C] () -- C:\Users\NoPC\.lmmsrc.xml
[2012.05.11 23:29:32 | 000,001,768 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.05.11 19:20:25 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.05.11 14:20:50 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.05.11 14:20:50 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.05.11 14:20:50 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.05.11 14:20:50 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.05.11 14:01:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 21.05.2013 13:14:46 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\NoPC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 73,02% Memory free
7,99 Gb Paging File | 6,79 Gb Available in Paging File | 85,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 294,20 Gb Free Space | 64,81% Space Free | Partition Type: NTFS
 
Computer Name: NOPC-PC | User Name: NoPC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EE0B9C-9D3E-44DE-A2A0-B6DBE850B704}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0585F5A0-F8E6-4130-9108-3A1A9E2B1434}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{27576987-73B2-41BF-B26B-D0B56E8EB4FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E66EC7B-3C59-419B-99F3-29FE9DE29E3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80C93C48-6BA7-43F1-8033-3185FC04FA4F}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{9273ED9B-F116-476A-AA4B-AFBFDE721019}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9DFAA846-49DB-4BEC-8E4E-D45A21AFC7F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A19918D9-8836-4062-A018-686571902730}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AEE4D7E1-00DE-4BA9-9423-7A0C3CD77734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D4F7E4E2-0022-46AF-AA76-C1FFD21300B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3AD96FE-7900-410F-B0F4-698B54870A23}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{E873AF70-7736-441E-BF87-59CFE08C92A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC08F53A-92BD-43CE-A6EB-67BD85EE45BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F9FB0254-59D8-4427-9BDC-0A087D5F52B7}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CA1E5A-57F9-4383-AC2F-D07423C88E7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03AE5CFA-812C-49A7-B003-3585DA88DD3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{05F5BDDB-7787-4E22-982F-11AC7BDBF50D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B0E9439-33AB-47B0-B661-79D4DD96C4F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DB6F52F-2488-4615-B42D-CC238964C6BE}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{14E0DE49-A077-427F-92F1-8918EDD9BC20}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{292186E0-8113-44A1-8EC5-44D7F34021EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2A9D671B-2CC4-4786-B5FB-FF12E62C4E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{2EE41268-558B-4F0D-AE7A-4A2545636B22}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe | 
"{33231F7B-FF41-42AA-B2C3-EDE376F1A194}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A57332E-A328-4A88-AF04-4E534133CFA0}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{484303D0-D0EA-4BC2-BEC1-1076C1A7E6E8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{4DA68962-99E2-4FC8-A9B3-8A307BF75B0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5603324D-BFB9-456B-88D9-9A2D9382C4C2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{622CB805-FA66-4A57-B285-7DB52648A397}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{632ECBDF-18A7-468B-B8F2-9972F29F9F79}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{639B2E4D-441F-44F3-B956-7C5CD77A51B3}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{6751D389-C3AF-4F20-9C08-E1F3932F6A28}" = protocol=6 | dir=out | app=system | 
"{709F98C6-1B56-469C-AA7C-7E33F537B2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{8140828E-A7CB-4CA0-9590-D06DF09A673E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81FCDC12-A3B5-4FDB-90C1-93D6351C930F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83222BC9-A721-485C-8150-A462DCF28E92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{9038A1E5-E980-40EA-932C-80769EEEB60A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{9682E930-041F-4951-AC3F-64256D293DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\robinho18\counter-strike source\hl2.exe | 
"{9BD6AE55-D411-430E-907D-5FAAA462D7FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{9FDC6C0B-AF01-4FFA-AC9B-3FCF28B99A90}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{A2194679-5DE0-4C64-A555-300A42CE3403}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{A5A48B92-8A06-46CC-AB98-D30EDF70F628}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AA2790EA-B507-49FA-BBB5-E18A2C7710BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B9C078BF-109E-4A86-B96A-35EFC390FA92}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C58A5625-8809-4490-88A8-66B2FCF07DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C90FC48B-F70D-484E-A7B5-5B5031DC34CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D8AABB03-CA8D-478A-9763-5281D43A0491}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D8C1F067-2EE8-4515-8D6C-44AF31E09380}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DD93BF5A-C076-4E4F-96CB-44B9C188D11E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\robinho18\counter-strike source\hl2.exe | 
"{DEDAD74F-3B19-41D3-AE49-C6DE6E952A7B}" = protocol=6 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
"{E92CFDEC-F27D-46FA-9A83-F871CF84EAC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED0949E5-65D9-4419-94E5-04674E2854F6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F46E6E1C-9343-45E1-98DB-C5BC867F7AF8}" = protocol=17 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{62AD7816-3C54-42C9-88A9-E27428A54C3D}C:\users\nopc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{87A5F5B6-AD6D-4221-A411-3313F58D5236}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{9B2F79D1-044F-4E89-B7DF-3115944C5CDA}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{A732350C-5C1F-4F45-A392-E24268729341}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C3CC043C-3C5E-469F-BE1E-6E492DC8322A}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{F5CEF5D5-283A-46DD-A62A-F628AF06AA35}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{AE25888A-089F-4D77-9CD8-76376C7E2E22}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{DBB8FF57-37C2-41BF-BA0B-C213DAAD7468}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{DD272DD7-5382-4490-AE97-D5182E8F3F1B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DDDCB4A7-13E2-4C52-80FB-4283DF15368D}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{F0D8B6C7-E76A-4E12-AE98-1438997AB014}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{FFDA0107-7A9A-4DE0-AB65-B99E4F069F36}C:\users\nopc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nopc\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{33037348-6BB9-59EA-80DE-8D7E0E906B83}" = ccc-utility64
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{09B14334-89FF-B11A-5D9B-14BBA2D8A4C3}" = CCC Help Hungarian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{19992AF5-2780-7E2C-100D-0A300A22DB6F}" = CCC Help Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A3048B1-28C0-5231-B071-7BA3FBF2EF6B}" = CCC Help German
"{2F76BE0B-11EF-593F-FD8B-52C1EDEFD99F}" = CCC Help English
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D542863-7E63-D988-168A-48C48B9B7A9B}" = Catalyst Control Center Graphics Light
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45518B6D-9DDF-4144-83E4-A56762524F35}" = USB2.0 Grabber
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE958E0-0656-FC87-1D7E-B7143AC235E7}" = CCC Help Spanish
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{557FCE92-4537-6C23-7489-E5836908EB76}" = Catalyst Control Center Core Implementation
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5E174F7A-245B-D9A1-0FB1-5DEB3E7C4AFA}" = CCC Help Italian
"{5E3AE725-CACE-9016-D454-02B91CD33C75}" = CCC Help Chinese Traditional
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F25EB2C-0972-8528-7DEA-9FCAE8AA026E}" = Catalyst Control Center Graphics Full New
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}" = Audials
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7A3A514C-B4B2-C5B3-FDF9-12329E6E92BC}" = Catalyst Control Center Localization All
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8297136B-D69B-21F8-EA06-6527B4D2080F}" = CCC Help Czech
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8CD57F82-FFF4-13F7-F854-976E34CBDDF8}" = Catalyst Control Center Graphics Previews Vista
"{8DAB0DFE-093F-4C77-5301-59C394EE8FA0}" = CCC Help Norwegian
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A05CA92F-4FE3-7129-6963-03AA82FB8817}" = CCC Help Portuguese
"{A2F166A0-F031-4E27-A057-C69733219435}_is1" = RaiderZ
"{A9A51417-934D-EB1E-705B-276F9C3749D7}" = CCC Help Swedish
"{A9DD5F30-96A2-CDF5-FDEA-0A11BF14AFB2}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AE65393D-F007-E7F6-BD5E-A5B7CB65FACB}" = CCC Help Dutch
"{B70EC123-01CE-94B9-433D-85696F5D4453}" = CCC Help Greek
"{C1877FF5-519A-C207-A5E9-4E692174FE4A}" = ccc-core-static
"{D4519837-7F74-4DB3-36AF-94CDC3511F7A}" = CCC Help Japanese
"{D74163DC-0BF1-0A8F-BA2E-D3B5ACD4D9D9}" = CCC Help Polish
"{D93AC7DC-EC2C-96A7-0733-07B05BD710CE}" = CCC Help Thai
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DA79E283-89F5-D6A5-6D0B-D55FD8721668}" = CCC Help Finnish
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.5.5
"{E78A0DB3-74D6-F576-331F-33780D1D8D7E}" = Catalyst Control Center Graphics Full Existing
"{E88CF135-CB50-319C-8268-1BED4261FDB2}" = CCC Help Chinese Standard
"{EB6DA76C-AA15-91FE-E6D7-A2B3ED4F6E29}" = CCC Help Danish
"{EC4B8E73-EB41-0386-8C39-7F6FC2CFD840}" = CCC Help Russian
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEE4B066-28B3-145F-CEB6-2D47F2A83E3D}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Black Mirror_is1" = Black Mirror 1.2
"Deckadance" = Deckadance
"Desura" = Desura
"Desura_83146271883296" = Desura: Mortal Online
"Diablo II" = Diablo II
"FL Studio 10" = FL Studio 10
"Giraffic" = Veoh Giraffic Video Accelerator
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.19
"GridVista" = Acer GridVista
"HyperCam 3" = HyperCam 3
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LAME_is1" = LAME v3.99.3 (for Windows)
"LManager" = Launch Manager
"LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PakkISO_is1" = PakkISO 0.4
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"Steam App 240" = Counter-Strike: Source
"Steam App 630" = Alien Swarm
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"Wireshark" = Wireshark 1.8.6 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-197116359-2089510335-3275323253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Inkscape" = Inkscape 0.48.3.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2013 18:14:57 | Computer Name = NoPC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x808  Startzeit der fehlerhaften Anwendung: 0x01ce53c900d69055  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 5f387145-c008-11e2-b085-001f16c7e9fa
 
[ System Events ]
Error - 20.05.2013 07:48:57 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 20.05.2013 07:48:57 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 20.05.2013 12:56:08 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 20.05.2013 12:56:08 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 21.05.2013 02:40:42 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 21.05.2013 02:40:42 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 21.05.2013 03:27:12 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 21.05.2013 03:27:12 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 21.05.2013 07:10:24 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 21.05.2013 07:10:24 | Computer Name = NoPC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
Last time I ran a quick scan and forgot to tick "Scan All Users". Hopefully you noticed that right away and didn't work through the whole log first.

21.05.2013, 12:41   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); in that case please let me know as well).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags
