| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit KameraWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.07.2012, 06:50
| #16 |
 |  GVU Trojaner mit Kamera Guten Morgen, hier schonmal der neue Report von ADW. Emisoft läuft noch... Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/23/2012 at 07:29:35
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JoeCool - ACER-NETBOOK
# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\JoeCool\AppData\Local\Conduit
Folder Deleted : C:\Users\JoeCool\AppData\Local\OpenCandy
Folder Deleted : C:\Users\JoeCool\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JoeCool\AppData\Roaming\OpenCandy
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Softonic
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Description
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\prefs.js
C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\user.js ... Deleted !
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the Web");
Deleted : user_pref("browser.startup.homepage", "hxxp://Mystart.incredibar.com/mb124");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119998");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=119998&babsrc=NT_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:00:45");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "orgnl");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.dfltLng", "");
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.Softonic.instlDay", "15479");
Deleted : user_pref("extensions.Softonic.instlRef", "MON00001");
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Deleted : user_pref("extensions.Softonic.tlbrId", "base");
Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Deleted : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Deleted : user_pref("extensions.Softonic_i.newTab", false);
Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.011:51:49");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,googlebar@google.com:1.0,{972ce4[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1339484352821");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10657");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15503");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15503");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 78067074);
Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyEHkzSSo");
Deleted : user_pref("extensions.incredibar.upn2n", "92261571160651468");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10657");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15503");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyEHkzSSo");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261571160651468");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyEHkzSSo&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Profile name : default-1339507078693 [Profil par défaut]
File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [18599 octets] - [22/07/2012 21:54:00]
AdwCleaner[S1].txt - [276 octets] - [23/07/2012 07:29:06]
AdwCleaner[S2].txt - [16850 octets] - [23/07/2012 07:29:35]
########## EOF - C:\AdwCleaner[S2].txt - [16979 octets] ##########
Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/23/2012 at 07:29:06
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JoeCool - ACER-NETBOOK
# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe
# Option [Delete]
So, hier nun der Bericht von Emisoft. Das meiste ist wohl recht harmlos, aber am Ende finden sich dann doch ein Paar Kracher :-( Hab noch nichts gelöscht. Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 23.07.2012 07:41:21
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 23.07.2012 07:41:45
c:\users\joecool\appdata\roaming\microsoft\windows\start menu\programs\partypoker gefunden: Trace.File.partypoker!E1
c:\program files (x86)\ascentive\performance center gefunden: Trace.File.spyware striker pro!E1
c:\users\joecool\appdata\roaming\pacificpoker\ gefunden: Trace.File.pacificpoker!E1
Value: hkey_current_user\software\pokerinstaller --> fullpath gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 1 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9 gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> apppath gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> id gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> installstate gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> mucklosinghand gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> sl gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> oldcfformat gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> buttontext gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> clsid gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> default visible gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> exec gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> hoticon gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> icon gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> menustatusbar gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> menutext gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> path gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayversion gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installdate gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsource gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsourcefile gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> silentsettings gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\pokerinstaller --> installer_guid gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> url_casino_2 gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10 gefunden: Trace.Registry.partypoker!E1
Key: hkey_current_user\software\pacificpoker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker\init gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pokerinstaller gefunden: Trace.Registry.pacificpoker!E1
C:\Users\JoeCool\Downloads\backups\backup-20111202-113817-403.dll gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\BrowserPasswordDecryptor.exe gefunden: Riskware.PSWTool.Win32.PasswordRecovery.AMN!E1
C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\NetworkPasswordDecryptor.exe gefunden: Trojan.Win32.SecurityXploded.AMN!E1
C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\YahooPasswordDecryptor.exe gefunden: Trojan.Win32.SecurityXploded.AMN!E1
Gescannt 637126
Gefunden 54
Scan Ende: 23.07.2012 10:06:47
Scan Zeit: 2:25:02
|
|
23.07.2012, 09:13
| #17 |
| | GVU Trojaner mit Kamera Hier nochmal Adw und Emisoft als Zip
__________________ |
|
23.07.2012, 10:08
| #18 |
| /// Helfer-Team  | GVU Trojaner mit Kamera Du brauchst die Logs nicht anhaengen, wenn du sie gepostet hast. Also entweder - oder.
__________________ Lasse die Funde loeschen, dann: Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ |
|
23.07.2012, 13:52
| #19 |
| | GVU Trojaner mit Kamera So, hat ne Ewigkeit gedauert und 2 Viren gefunden... Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2795bedf0453a1419da4152ec4bfcd29
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 12:47:36
# local_time=2012-07-23 02:47:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 2258176 2258176 0 0
# compatibility_mode=5893 16776574 100 94 40164986 94666108 0 0
# compatibility_mode=8192 67108863 100 0 103 103 0 0
# scanned=208708
# found=2
# cleaned=2
# scan_time=11398
C:\Users\JoeCool\AppData\Roaming\13001.025\components\AcroFFe.dll a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
|
|
23.07.2012, 17:30
| #20 |
| /// Helfer-Team | GVU Trojaner mit Kamera Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
|
23.07.2012, 19:37
| #21 |
| | GVU Trojaner mit Kamera Also ich hab kein IE Icon bekommen. Dafür waren dann die Fierefox icons plötzlich alle kaputt (liefen ins leere und wurden gelöscht...). Nach neustart läuft Firefox jetzt aber wieder. Hier die Logs: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-21.01 - JoeCool 23.07.2012 19:55:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1979.782 [GMT 2:00]
ausgeführt von:: c:\users\JoeCool\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Cannonnt
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\programdata\Roaming
c:\users\JoeCool\AppData\Local\assembly\tmp
c:\users\JoeCool\AppData\Roaming\.#
c:\users\JoeCool\AppData\Roaming\1&1
c:\users\JoeCool\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\JoeCool\AppData\Roaming\AcroIEHelpe.txt
c:\users\JoeCool\AppData\Roaming\srvblck5.tmp
c:\windows\dwatson.dll
c:\windows\IsUn0407.exe
c:\windows\ntcore.dll
c:\windows\NTVDLL.dll
c:\windows\refsdm.dll
c:\windows\SysWow64\c.dll
c:\windows\winclfile.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-23 bis 2012-07-23 ))))))))))))))))))))))))))))))
.
.
2012-07-23 18:06 . 2012-07-23 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 05:37 . 2012-07-23 09:29 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-22 16:22 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 14:40 . 2012-07-22 14:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-22 14:22 . 2012-07-22 14:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-22 14:20 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-22 14:20 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-07-22 14:20 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-22 14:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 14:20 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-22 14:20 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-22 14:20 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-22 14:20 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-22 14:20 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-22 14:19 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-22 14:19 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-22 14:19 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-22 14:19 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-22 14:19 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-22 14:19 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-22 14:19 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-22 14:19 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-22 14:19 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-22 14:19 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-22 14:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-22 14:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-22 14:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-22 14:17 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-22 14:13 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-22 14:13 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-22 14:13 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-22 14:13 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-22 14:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-22 14:13 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-22 14:13 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-22 14:12 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-22 14:12 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-22 14:12 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-22 14:12 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-22 14:12 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-22 14:12 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-22 14:12 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-22 14:12 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-22 14:12 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-22 14:12 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-22 14:12 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-22 12:57 . 2012-07-22 12:57 -------- d-----w- C:\_OTL
2012-07-22 12:44 . 2012-07-22 12:44 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-21 12:14 . 2012-07-21 13:45 -------- d-----w- c:\users\JoeCool\AppData\Local\adaware
2012-07-21 12:13 . 2011-12-19 10:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-21 12:13 . 2011-12-19 11:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-07-21 12:13 . 2012-07-21 12:20 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-21 12:11 . 2012-07-23 09:31 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-21 12:10 . 2012-07-21 12:11 -------- d-----w- c:\program files (x86)\adawaretb
2012-07-21 12:09 . 2012-07-22 10:03 -------- d-----w- c:\users\JoeCool\AppData\Roaming\Ad-Aware Antivirus
2012-07-17 16:00 . 2012-07-17 16:00 -------- d-----w- c:\users\JoeCool\AppData\Roaming\13001.026
2012-07-17 10:52 . 2012-07-22 12:44 -------- d-----w- c:\users\JoeCool\AppData\Roaming\Skype
2012-07-17 10:51 . 2012-07-17 10:51 -------- d-----r- c:\program files (x86)\Skype
2012-07-17 10:51 . 2012-07-17 10:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-17 10:51 . 2012-07-17 10:52 -------- d-----w- c:\programdata\Skype
2012-07-14 18:46 . 2012-07-15 07:54 -------- d-----w- c:\users\JoeCool\AppData\Roaming\13001.025
2012-07-13 15:08 . 2012-07-14 05:29 -------- d-----w- c:\users\JoeCool\AppData\Roaming\13001.024
2012-07-12 18:42 . 2012-07-12 18:42 -------- d-----w- c:\users\JoeCool\AppData\Roaming\13001.023
2012-07-12 12:04 . 2012-07-12 12:05 -------- d-----w- c:\users\JoeCool\AppData\Roaming\13001.022
2012-07-12 12:04 . 2012-07-17 10:54 -------- d-----w- c:\users\JoeCool\AppData\Roaming\xmldm
2012-07-12 12:04 . 2012-07-12 12:04 -------- d-----w- c:\users\JoeCool\AppData\Roaming\kock
2012-07-06 10:55 . 2012-07-06 10:55 -------- d-----w- c:\users\JoeCool\AppData\Roaming\EurekaLog
2012-06-27 06:27 . 2012-06-27 06:27 -------- d-----w- c:\users\JoeCool\AppData\Roaming\Avira
2012-06-27 06:21 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-27 06:21 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-27 06:21 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-27 06:21 . 2012-06-27 06:21 -------- d-----w- c:\programdata\Avira
2012-06-27 06:21 . 2012-06-27 06:21 -------- d-----w- c:\program files (x86)\Avira
2012-06-26 10:02 . 2011-06-02 05:47 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-06-26 10:02 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-06-26 10:02 . 2011-06-02 05:47 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-06-26 10:02 . 2011-06-02 05:47 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-06-26 10:02 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-06-26 09:33 . 2012-06-26 09:38 -------- d-----w- C:\2c9c9d0d276235ed2517d9b428
2012-06-25 11:07 . 2012-06-25 11:07 -------- d-----w- c:\program files (x86)\BMWi-Businessplaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 12:44 . 2010-06-27 13:02 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 07:20 . 2012-04-18 10:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 07:20 . 2011-07-24 12:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-12-02 10:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 01:19 . 2009-12-25 13:09 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 10:22 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 10:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:22 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 10:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 10:22 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 10:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 10:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-29 07:38 . 2011-12-23 19:58 330240 ----a-w- c:\windows\MASetupCaller.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2011-08-03 964688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-16 27760]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 7 (0x7)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-07-23 15672]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys [2011-08-03 199752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-06 119632]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 msftesql$COMBIT_CRM;SQL Server-Volltextsuche (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$COMBIT_CRM;SQL Server (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-06 20552]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2000-01-01 76912]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-24 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11780712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-Video Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$COMBIT_CRM]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:COMBIT_CRM"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-23 20:19:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-23 18:19
.
Vor Suchlauf: 17 Verzeichnis(se), 163.354.742.784 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 163.112.054.784 Bytes frei
.
- - End Of File - - 402ACD80BEE4E1D04BF0F7606F36E357
Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) 1&1 Office-Drive Manager 6300 6300_Help 6300Trb Acer Crystal Eye webcam Ver:1.1.95.714 Acer ePower Management Acer eRecovery Management Acer GameZone Console Acer GridVista Acer Registration Acer ScreenSaver Acer Updater Acer VCM Acrobat.com ActiveTrader 5.1.2_b2 Ad-Aware Antivirus Ad-Aware Browsing Protection Ad-Aware Security Toolbar Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.1 MUI Adobe Shockwave Player 11.5 Advanced Renamer AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Alcor Micro USB Card Reader Alice Greenfingers Amazonia Apple Software Update Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Avira Free Antivirus AVM FRITZ!Box Dokumentation BGBlitz 2.7.0 BitTorrent BMWi-Businessplaner Gründung BufferChm C:\Users\JoeCool\AppData\Local\Temp\Rar$EX00.762\SDSD DEMO CPEditor C:\Users\JoeCool\VAIO\Joe Cool\Eigene Dateien\MariCon\SDL Complete\Charter Party Editor 32bit (2006) Calculatem Pro Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon IJ Network Scan Utility Canon IJ Network Tool CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG5200 series Benutzerregistrierung Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon MP Navigator EX 4.0 Canon My Printer Canon PhotoRecord Canon Solution Menu EX Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CD-LabelPrint Charter Party Viewer Chicken Invaders 2 Compatibility Pack für 2007 Office System CSS3 Menu CyberLink PowerDVD 8 Dairy Dash DATA BECKER TWIN 7 Tweaker Dia (nur entfernen) DocProc Dream Day First Home DSL-Speedtest ELO Pdf Drucker ELOoffice ElsterFormular Farm Frenzy 2 First Class Flurry funScreenScraping Client Version funScreenScraping Microsoft Systemdateien Google Apps Migration For Microsoft Outlook® 2.3.12.34 Google Calendar Sync Google Update Helper GPL Ghostscript Granny In Paradise GSview 5.0 Haufe iDesk-Browser Haufe iDesk-Service Heroes of Hellas Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HPPhotoGadget Identity Card IKEA Home Planner Inkscape 0.48.3.1 Intel PROSet Wireless Intel(R) Rapid Storage Technology IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 33 Java(TM) SE Runtime Environment 6 JellyFish Light 3.5 julitecCRM 6.0 Junk Mail filter update K-Lite Codec Pack 5.6.1 (Basic) KompoZer 0.8b3 Launch Manager Lexware Abschreibungsrechner Lexware büro easy 2007 Lexware Info Service Lexware online banking 4.80 LG CyberLink LabelPrint LG CyberLink Power2Go LG CyberLink PowerBackup LG CyberLink YouCam LG ODD Auto Firmware Update LG Power Tools LG United Mobile Drivers LG USB Modem Drivers LinkedIn Outlook Connector Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware Version 1.62.0.1300 Merriam Websters Spell Jam Microsoft Choice Guard Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Office Live Add-in 1.5 Microsoft Office O MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (German) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (German) 2007 Microsoft Office X MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 (COMBIT_CRM) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 13.0.1 (x86 de) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker Netpas Distance Nvu 1.0 OutlookAddInNet3Setup PC Inspector File Recovery PDFCreator Picasa 3 PNMD Protect Disc License Helper 1.0.118 QuickSteuer 2010 QuickSteuer Wissens-Center 2010 QuickTime Realtek High Definition Audio Driver Remote Control USB Driver Samsung Kies Scan Scribus 1.4.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Serif PagePlus Starter Edition Servicepack Datumsaktualisierung Skype™ 5.10 SopCast 3.5.0 Spybot - Search & Destroy System Requirements Lab for Intel Tinypic 3.18 Toolbox Tools für Microsoft SQL Server 2005 TreeSize Free V2.5 TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) TVersity Codec Pack 1.7 TVersity Media Server 1.9.7 UnloadSupport Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Video Player Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebCam WebReg Welcome Center Windows Live-Uploadtool Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer WinRAR WOW Slider Xiph.Org Open Codecs 0.85.17777 xp-AntiSpy 3.97-7 |
|
23.07.2012, 21:51
| #22 |
| /// Helfer-Team | GVU Trojaner mit Kamera CustomScan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
|
23.07.2012, 22:46
| #23 |
| | GVU Trojaner mit Kamera Here we go... Bin dann morgen wieder Online. Nähren wir uns dem Ende ?  OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.07.2012 23:17:00 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\JoeCool\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,80% Memory free 3,87 Gb Paging File | 2,40 Gb Available in Paging File | 62,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 220,79 Gb Total Space | 152,07 Gb Free Space | 68,88% Space Free | Partition Type: NTFS Drive D: | 7,51 Gb Total Space | 7,45 Gb Free Space | 99,18% Space Free | Partition Type: FAT32 Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\JoeCool\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe () PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.) SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe () SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software) DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.) DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software) DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\googlebar@google.com: C:\Users\JoeCool\AppData\Roaming\Google_Toolbar\Google_Toolbar\1.0.0.0 [2012.06.12 14:47:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.17 18:00:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.22 07:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Extensions [2012.07.21 14:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions [2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.07.21 14:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions [2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.07.22 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.22 14:44:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.07.19 11:45:01 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2012.06.20 20:59:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml [2012.02.18 08:35:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.18 08:35:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.18 08:35:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.18 08:35:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.18 08:35:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.18 08:35:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com CHR - Extension: No name found = C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\ O1 HOSTS File: ([2012.07.23 20:06:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG) O4 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 7 O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe () O9:64bit: - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm () O9 - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209CAB17-3433-4606-BBA1-C77E5434E188}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF772E7-62EB-4A1D-9BD0-AE5DDB4DECB3}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: RayV - hkey= - key= - File not found MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.23 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\1&1 [2012.07.23 20:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 [2012.07.23 20:10:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.07.23 19:53:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.23 19:53:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.23 19:53:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.07.23 19:52:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.23 19:52:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.23 19:46:10 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\JoeCool\Desktop\ComboFix.exe [2012.07.23 11:23:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\JoeCool\Desktop\esetsmartinstaller_enu.exe [2012.07.23 07:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.07.23 07:37:45 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Anti-Malware [2012.07.23 07:24:50 | 139,009,208 | ---- | C] (Emsisoft GmbH ) -- C:\Users\JoeCool\Desktop\EmsisoftAntiMalwareSetup.exe [2012.07.22 18:43:13 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Saved Games [2012.07.22 18:43:12 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Contacts [2012.07.22 16:40:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012.07.22 16:22:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.07.22 14:57:00 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.22 09:39:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe [2012.07.21 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adaware [2012.07.21 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.07.21 14:13:38 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys [2012.07.21 14:13:37 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.07.21 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012.07.21 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adawarebp [2012.07.21 14:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.07.21 14:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.07.21 14:09:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus [2012.07.19 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Desktop\MariCon [2012.07.17 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.17 12:52:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Skype [2012.07.17 12:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.17 12:51:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.17 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.17 12:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.025 [2012.07.13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.024 [2012.07.12 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.023 [2012.07.12 14:04:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.022 [2012.07.12 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\xmldm [2012.07.12 14:04:30 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kock [2012.07.06 12:55:11 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog [2012.06.27 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Avira [2012.06.27 08:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.27 08:21:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.27 08:21:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.27 08:21:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.26 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Temp [2012.06.26 12:02:02 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys [2012.06.26 12:02:02 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys [2012.06.26 12:02:01 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys [2012.06.26 12:02:01 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys [2012.06.26 12:02:01 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys [2012.06.26 11:33:00 | 000,000,000 | ---D | C] -- C:\2c9c9d0d276235ed2517d9b428 [2012.06.25 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi-Businessplaner [2012.06.25 13:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMWi-Businessplaner [2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.07.23 21:00:38 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini [2012.07.23 20:36:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 20:36:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 20:32:59 | 001,867,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.23 20:32:59 | 000,797,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.23 20:32:59 | 000,735,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.23 20:32:59 | 000,185,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.23 20:32:59 | 000,148,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.23 20:28:25 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.07.23 20:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.23 20:27:00 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys [2012.07.23 20:06:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.23 19:46:14 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\JoeCool\Desktop\ComboFix.exe [2012.07.23 11:23:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\JoeCool\Desktop\esetsmartinstaller_enu.exe [2012.07.23 10:11:51 | 000,005,064 | ---- | M] () -- C:\Users\JoeCool\Desktop\Desktop.zip [2012.07.23 07:25:51 | 139,009,208 | ---- | M] (Emsisoft GmbH ) -- C:\Users\JoeCool\Desktop\EmsisoftAntiMalwareSetup.exe [2012.07.22 20:01:03 | 000,190,740 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.jpg [2012.07.22 18:41:34 | 000,443,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.22 18:13:38 | 001,845,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.22 15:12:55 | 000,003,152 | ---- | M] () -- C:\Users\JoeCool\Desktop\07222012_145700.zip [2012.07.22 11:02:56 | 000,036,665 | ---- | M] () -- C:\Users\JoeCool\Desktop\OTL_Logfiles.zip [2012.07.22 10:39:25 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 09:50:32 | 000,632,049 | ---- | M] () -- C:\Users\JoeCool\Desktop\adwcleaner.exe [2012.07.22 09:39:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe [2012.07.21 12:03:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.07.21 12:03:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.07.19 16:10:34 | 002,686,168 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.gif [2012.07.17 18:10:48 | 000,000,051 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res [2012.07.17 16:52:52 | 001,269,795 | ---- | M] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf [2012.07.17 12:51:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.14 16:09:00 | 000,000,011 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat [2012.07.13 23:00:55 | 000,007,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg [2012.07.05 23:03:34 | 000,028,648 | ---- | M] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.27 08:21:39 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.25 13:07:29 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk ========== Files Created - No Company Name ========== [2012.07.23 19:53:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.07.23 19:53:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.07.23 19:53:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.07.23 19:53:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.07.23 19:53:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.23 10:11:51 | 000,005,064 | ---- | C] () -- C:\Users\JoeCool\Desktop\Desktop.zip [2012.07.22 20:01:03 | 000,190,740 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.jpg [2012.07.22 16:38:03 | 001,845,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.22 15:12:55 | 000,003,152 | ---- | C] () -- C:\Users\JoeCool\Desktop\07222012_145700.zip [2012.07.22 11:02:56 | 000,036,665 | ---- | C] () -- C:\Users\JoeCool\Desktop\OTL_Logfiles.zip [2012.07.22 09:50:26 | 000,632,049 | ---- | C] () -- C:\Users\JoeCool\Desktop\adwcleaner.exe [2012.07.21 14:13:58 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.07.19 16:10:33 | 002,686,168 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.gif [2012.07.17 18:12:51 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.17 16:52:00 | 001,269,795 | ---- | C] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf [2012.07.17 12:51:54 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.14 16:09:00 | 000,000,011 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat [2012.07.13 23:00:51 | 000,007,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg [2012.07.12 14:04:50 | 000,000,051 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res [2012.07.05 23:03:25 | 000,028,648 | ---- | C] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg [2012.06.27 08:21:39 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.25 13:07:29 | 000,001,356 | ---- | C] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk [2012.06.12 16:29:06 | 000,000,790 | ---- | C] () -- C:\Windows\slog.dll [2012.06.10 12:17:44 | 000,007,469 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel [2012.06.02 10:45:11 | 000,001,650 | ---- | C] () -- C:\Windows\mozver.dat [2012.05.28 10:40:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll [2012.05.12 11:11:41 | 000,038,425 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012.04.28 10:54:37 | 000,000,039 | ---- | C] () -- C:\Windows\combit.ini [2012.04.24 14:01:04 | 000,000,277 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.24 13:49:28 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll [2012.04.24 13:49:28 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll [2012.04.24 13:49:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll [2012.04.24 13:45:17 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI [2012.03.04 12:10:42 | 000,000,782 | ---- | C] () -- C:\Windows\wininit.ini [2012.01.25 14:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI [2012.01.25 14:27:17 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.07.19 10:16:33 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011.07.19 10:16:33 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2011.05.20 08:59:18 | 000,038,441 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.05.17 12:28:58 | 000,245,354 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.05.17 12:28:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011.05.04 11:04:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.05.04 11:04:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.04.22 07:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.04.15 12:34:30 | 000,007,598 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\Resmon.ResmonCfg [2011.04.07 17:19:01 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini [2010.12.16 22:29:02 | 000,000,316 | ---- | C] () -- C:\Windows\Jelly.ini [2010.11.07 11:54:25 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2009.12.25 13:30:39 | 000,006,144 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.07.23 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\1&1 [2012.07.12 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.022 [2012.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.023 [2012.07.14 07:29:50 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.024 [2012.07.15 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.025 [2012.07.17 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.22 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus [2012.01.01 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\BitTorrent [2011.12.03 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Canon [2012.04.28 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\combit [2012.05.11 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DataDesign [2012.06.07 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon [2011.07.19 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Easeware [2012.05.15 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\elsterformular [2012.07.06 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog [2012.06.06 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\FileZilla [2009.12.26 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GameConsole [2010.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GetRightToGo [2012.04.20 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\gtk-2.0 [2011.07.19 12:54:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Haufe [2012.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu [2012.05.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\inkscape [2010.03.07 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\innoPlus [2012.07.21 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\IrfanView [2011.04.16 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\JAM Software [2012.04.24 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\julitec [2012.07.12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kock [2012.05.20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\KompoZer [2012.06.02 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net [2010.04.01 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Lexware [2011.04.02 09:51:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\LG Electronics [2012.02.04 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Netpas [2012.05.18 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Nvu [2011.04.22 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Participatory Culture Foundation [2011.04.22 07:59:13 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PCF-VLC [2009.12.25 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PMS [2011.07.19 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ProtectDisc [2011.02.13 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\RayV [2012.01.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Samsung [2012.05.13 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Scribus [2012.06.10 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Serif [2012.06.09 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\SmartTools [2012.04.18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TeamViewer [2012.06.26 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Temp [2011.12.11 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TuneUp Software [2012.07.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\xmldm [2012.05.31 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\XMLmind [2011.12.14 08:32:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.07.23 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\1&1 [2012.07.12 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.022 [2012.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.023 [2012.07.14 07:29:50 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.024 [2012.07.15 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.025 [2012.07.17 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.22 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus [2012.06.25 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Adobe [2011.12.25 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Apple Computer [2012.06.27 08:27:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Avira [2012.01.01 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\BitTorrent [2011.12.03 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Canon [2012.04.28 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\combit [2011.04.07 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\CyberLink [2012.05.11 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DataDesign [2012.06.07 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon [2011.07.19 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Easeware [2012.05.15 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\elsterformular [2012.07.06 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog [2012.06.06 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\FileZilla [2009.12.26 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GameConsole [2010.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GetRightToGo [2009.12.09 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Google [2012.06.12 11:18:33 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Google_Toolbar [2012.04.20 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\gtk-2.0 [2011.07.19 12:54:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Haufe [2011.05.17 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\HP [2012.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu [2009.12.09 20:06:35 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Identities [2012.05.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\inkscape [2010.03.07 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\innoPlus [2010.04.01 09:07:41 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\InstallShield [2010.02.22 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Intel [2011.07.19 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Intel Corporation [2012.07.21 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\IrfanView [2011.04.16 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\JAM Software [2012.04.24 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\julitec [2012.07.12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kock [2012.05.20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\KompoZer [2012.06.02 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net [2010.04.01 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Lexware [2011.04.02 09:51:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\LG Electronics [2009.12.09 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Macromedia [2011.12.02 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Media Center Programs [2012.06.21 07:48:17 | 000,000,000 | --SD | M] -- C:\Users\JoeCool\AppData\Roaming\Microsoft [2011.04.22 07:17:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Mozilla [2010.08.15 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Mozilla-Cache [2012.02.04 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Netpas [2012.05.18 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Nvu [2011.04.22 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Participatory Culture Foundation [2011.04.22 07:59:13 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PCF-VLC [2009.12.25 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PMS [2011.07.19 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ProtectDisc [2011.02.13 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\RayV [2012.01.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Samsung [2012.05.13 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Scribus [2012.06.10 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Serif [2012.07.22 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Skype [2012.06.09 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\SmartTools [2012.04.18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TeamViewer [2012.06.26 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Temp [2011.12.11 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TuneUp Software [2010.02.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\WinRAR [2012.07.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\xmldm [2012.05.31 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\XMLmind [2012.01.25 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ZoomBrowser EX < %APPDATA%\*.exe /s > [2012.01.25 14:27:14 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2011.07.19 09:28:17 | 001,488,632 | ---- | M] (Packard Bell B.V. ) -- C:\Users\JoeCool\AppData\Roaming\Easeware\DriverEasy\drivers\zxn35q1l.mhb\NF750i_Chipset_Vista64_v9.60.exe [2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Templates\D\USBAutoRun.exe [2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Templates\D\tools\LGSetCDROMAutoRun.exe [2012.04.11 22:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe [2012.04.11 22:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe [2012.02.25 10:20:17 | 000,106,408 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe [2012.02.25 10:20:17 | 000,101,288 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe [2012.02.25 10:20:18 | 000,021,416 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe [2012.02.22 07:57:00 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2012.02.22 07:57:04 | 000,278,928 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2012.02.22 07:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.12.23 21:59:48 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2012.02.22 07:57:06 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2012.02.25 10:20:17 | 000,106,408 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2012.02.25 10:20:17 | 000,101,288 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2012.02.22 07:57:10 | 000,131,984 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.02.25 10:20:18 | 000,021,416 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2012.02.22 07:57:12 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.12.23 21:58:10 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.06.08 13:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\JoeCool\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110719T081044360817\pci\ven_8086&dev_2929&cc_0106\iaStor.sys [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Users\JoeCool\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110719T082719517489\pci\ven_8086&dev_2929&cc_0106\iaStor.sys [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.02.11 20:00:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Drivers\Chipset_9.60\nvstor32.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
23.07.2012, 23:48
| #24 |
| /// Helfer-Team | GVU Trojaner mit Kamera Ja, wir sind bald durch Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
:Files
C:\Users\JoeCool\AppData\Roaming\kock
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
24.07.2012, 06:56
| #25 |
| | GVU Trojaner mit Kamera Moin John, Unten das neue Log. Was mir aufgefallen ist: - Rechner startet deutlich schneller - Nach Neustart wollen "Aplle Applications (I-Tunes), LG (externes DVD) und Office Drive (Cloud Services) immer neue Treiber installieren. Hab das mal zugelassen, kommt aber nach jedem neustart wieder. Bzw. bei Apple kommt, das ich Itunes deinstallieren und dann neu installieren soll. Code:
ATTFilter All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\JoeCool\AppData\Roaming\kock folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\JoeCool\Desktop\cmd.bat deleted successfully.
C:\Users\JoeCool\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Hanni
->Temp folder emptied: 0 bytes
User: JoeCool
->Temp folder emptied: 184410 bytes
->Temporary Internet Files folder emptied: 65950 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62093392 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1115 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2947 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 59,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Hanni
User: JoeCool
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07242012_074645
Files\Folders moved on Reboot...
C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
wie gehts denn weiter? |
|
25.07.2012, 00:54
| #26 |
| /// Helfer-Team | GVU Trojaner mit Kamera Apple kannst du re-installieren. TDSSKiller von Kaspersky - Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.Hier findest Du eine ausführlichere TDSSKiller Anleitung. |
|
25.07.2012, 07:25
| #27 |
| | GVU Trojaner mit Kamera Moin! also meine Screens bei TDSS sehen etwas anders aus als in der Anleitung und nach Neustart wurde ich auch nicht gefragt. Hier das LOG: Code:
ATTFilter 08:19:27.0378 1964 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:19:27.0596 1964 ============================================================
08:19:27.0596 1964 Current date / time: 2012/07/25 08:19:27.0596
08:19:27.0596 1964 SystemInfo:
08:19:27.0596 1964
08:19:27.0596 1964 OS Version: 6.1.7601 ServicePack: 1.0
08:19:27.0596 1964 Product type: Workstation
08:19:27.0596 1964 ComputerName: ACER-NETBOOK
08:19:27.0596 1964 UserName: JoeCool
08:19:27.0596 1964 Windows directory: C:\Windows
08:19:27.0596 1964 System windows directory: C:\Windows
08:19:27.0596 1964 Running under WOW64
08:19:27.0596 1964 Processor architecture: Intel x64
08:19:27.0596 1964 Number of processors: 2
08:19:27.0596 1964 Page size: 0x1000
08:19:27.0596 1964 Boot type: Normal boot
08:19:27.0596 1964 ============================================================
08:19:29.0562 1964 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:19:29.0624 1964 Drive \Device\Harddisk1\DR1 - Size: 0x1E0F00000 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:19:29.0624 1964 ============================================================
08:19:29.0624 1964 \Device\Harddisk0\DR0:
08:19:29.0624 1964 MBR partitions:
08:19:29.0624 1964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
08:19:29.0624 1964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x1B992800
08:19:29.0624 1964 \Device\Harddisk1\DR1:
08:19:29.0624 1964 MBR partitions:
08:19:29.0624 1964 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xF05800
08:19:29.0624 1964 ============================================================
08:19:29.0734 1964 C: <-> \Device\Harddisk0\DR0\Partition1
08:19:29.0734 1964 ============================================================
08:19:29.0734 1964 Initialize success
08:19:29.0734 1964 ============================================================
08:19:58.0001 5428 ============================================================
08:19:58.0001 5428 Scan started
08:19:58.0001 5428 Mode: Manual;
08:19:58.0001 5428 ============================================================
08:20:00.0996 5428 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:20:01.0012 5428 1394ohci - ok
08:20:01.0074 5428 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:20:01.0090 5428 ACPI - ok
08:20:01.0136 5428 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:20:01.0136 5428 AcpiPmi - ok
08:20:01.0277 5428 Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
08:20:01.0324 5428 Ad-Aware Service - ok
08:20:01.0495 5428 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:20:01.0511 5428 AdobeFlashPlayerUpdateSvc - ok
08:20:01.0667 5428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:20:01.0682 5428 adp94xx - ok
08:20:01.0745 5428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:20:01.0745 5428 adpahci - ok
08:20:01.0792 5428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:20:01.0792 5428 adpu320 - ok
08:20:01.0823 5428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:20:01.0823 5428 AeLookupSvc - ok
08:20:01.0901 5428 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:20:01.0916 5428 AFD - ok
08:20:01.0979 5428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:20:01.0979 5428 agp440 - ok
08:20:02.0010 5428 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:20:02.0026 5428 ALG - ok
08:20:02.0041 5428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:20:02.0057 5428 aliide - ok
08:20:02.0057 5428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:20:02.0072 5428 amdide - ok
08:20:02.0104 5428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:20:02.0119 5428 AmdK8 - ok
08:20:02.0135 5428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:20:02.0135 5428 AmdPPM - ok
08:20:02.0182 5428 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:20:02.0182 5428 amdsata - ok
08:20:02.0244 5428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:20:02.0260 5428 amdsbs - ok
08:20:02.0275 5428 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:20:02.0275 5428 amdxata - ok
08:20:02.0338 5428 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
08:20:02.0353 5428 AMPPAL - ok
08:20:02.0369 5428 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
08:20:02.0369 5428 AMPPALP - ok
08:20:02.0587 5428 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
08:20:02.0634 5428 AMPPALR3 - ok
08:20:02.0790 5428 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
08:20:02.0790 5428 AmUStor - ok
08:20:02.0915 5428 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:20:02.0930 5428 AntiVirSchedulerService - ok
08:20:02.0977 5428 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:20:02.0977 5428 AntiVirService - ok
08:20:03.0040 5428 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:20:03.0040 5428 AppID - ok
08:20:03.0071 5428 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:20:03.0086 5428 AppIDSvc - ok
08:20:03.0118 5428 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:20:03.0118 5428 Appinfo - ok
08:20:03.0180 5428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:20:03.0180 5428 arc - ok
08:20:03.0196 5428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:20:03.0196 5428 arcsas - ok
08:20:03.0289 5428 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:20:03.0336 5428 aspnet_state - ok
08:20:03.0367 5428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:20:03.0367 5428 AsyncMac - ok
08:20:03.0414 5428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:20:03.0414 5428 atapi - ok
08:20:03.0508 5428 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
08:20:03.0586 5428 athr - ok
08:20:03.0773 5428 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:20:03.0820 5428 AudioEndpointBuilder - ok
08:20:03.0835 5428 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:20:03.0835 5428 AudioSrv - ok
08:20:03.0913 5428 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
08:20:03.0913 5428 avgntflt - ok
08:20:03.0960 5428 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
08:20:03.0976 5428 avipbb - ok
08:20:03.0991 5428 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:20:03.0991 5428 avkmgr - ok
08:20:04.0054 5428 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:20:04.0069 5428 AxInstSV - ok
08:20:04.0132 5428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:20:04.0163 5428 b06bdrv - ok
08:20:04.0225 5428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:20:04.0241 5428 b57nd60a - ok
08:20:04.0272 5428 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:20:04.0272 5428 BDESVC - ok
08:20:04.0288 5428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:20:04.0303 5428 Beep - ok
08:20:04.0381 5428 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:20:04.0412 5428 BFE - ok
08:20:04.0459 5428 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:20:04.0537 5428 BITS - ok
08:20:04.0600 5428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:20:04.0600 5428 blbdrive - ok
08:20:04.0693 5428 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:20:04.0724 5428 Bonjour Service - ok
08:20:04.0771 5428 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:20:04.0771 5428 bowser - ok
08:20:04.0802 5428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:20:04.0818 5428 BrFiltLo - ok
08:20:04.0834 5428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:20:04.0834 5428 BrFiltUp - ok
08:20:04.0880 5428 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:20:04.0880 5428 BridgeMP - ok
08:20:04.0927 5428 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:20:04.0927 5428 Browser - ok
08:20:04.0974 5428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:20:04.0990 5428 Brserid - ok
08:20:05.0005 5428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:20:05.0005 5428 BrSerWdm - ok
08:20:05.0021 5428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:20:05.0036 5428 BrUsbMdm - ok
08:20:05.0036 5428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:20:05.0052 5428 BrUsbSer - ok
08:20:05.0083 5428 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:20:05.0083 5428 BthEnum - ok
08:20:05.0114 5428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:20:05.0114 5428 BTHMODEM - ok
08:20:05.0130 5428 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:20:05.0130 5428 BthPan - ok
08:20:05.0192 5428 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:20:05.0224 5428 BTHPORT - ok
08:20:05.0255 5428 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:20:05.0255 5428 bthserv - ok
08:20:05.0395 5428 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
08:20:05.0395 5428 BTHSSecurityMgr - ok
08:20:05.0442 5428 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:20:05.0442 5428 BTHUSB - ok
08:20:05.0458 5428 catchme - ok
08:20:05.0489 5428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:20:05.0489 5428 cdfs - ok
08:20:05.0551 5428 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:20:05.0551 5428 cdrom - ok
08:20:05.0582 5428 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:20:05.0598 5428 CertPropSvc - ok
08:20:05.0645 5428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:20:05.0645 5428 circlass - ok
08:20:05.0676 5428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:20:05.0692 5428 CLFS - ok
08:20:05.0770 5428 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:20:05.0770 5428 clr_optimization_v2.0.50727_32 - ok
08:20:05.0801 5428 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:20:05.0816 5428 clr_optimization_v2.0.50727_64 - ok
08:20:05.0894 5428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:20:06.0066 5428 clr_optimization_v4.0.30319_32 - ok
08:20:06.0128 5428 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:20:06.0269 5428 clr_optimization_v4.0.30319_64 - ok
08:20:06.0300 5428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:20:06.0316 5428 CmBatt - ok
08:20:06.0347 5428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:20:06.0347 5428 cmdide - ok
08:20:06.0394 5428 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:20:06.0409 5428 CNG - ok
08:20:06.0440 5428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:20:06.0440 5428 Compbatt - ok
08:20:06.0487 5428 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:20:06.0487 5428 CompositeBus - ok
08:20:06.0503 5428 COMSysApp - ok
08:20:06.0596 5428 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
08:20:06.0596 5428 cpudrv64 - ok
08:20:06.0612 5428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:20:06.0612 5428 crcdisk - ok
08:20:06.0674 5428 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:20:06.0674 5428 CryptSvc - ok
08:20:06.0737 5428 DBService (48297bf3339bc56dd7d7524d7a1740aa) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
08:20:06.0752 5428 DBService - ok
08:20:06.0830 5428 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:20:06.0862 5428 DcomLaunch - ok
08:20:06.0908 5428 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:20:06.0924 5428 defragsvc - ok
08:20:06.0955 5428 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:20:06.0971 5428 DfsC - ok
08:20:07.0018 5428 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
08:20:07.0018 5428 dgderdrv - ok
08:20:07.0049 5428 dgdersvc (bc3c53000adcd440f1b23e46dac302ef) C:\Windows\system32\dgdersvc.exe
08:20:07.0049 5428 dgdersvc - ok
08:20:07.0127 5428 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:20:07.0142 5428 Dhcp - ok
08:20:07.0158 5428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:20:07.0174 5428 discache - ok
08:20:07.0205 5428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:20:07.0205 5428 Disk - ok
08:20:07.0330 5428 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
08:20:07.0330 5428 DKbFltr - ok
08:20:07.0376 5428 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:20:07.0376 5428 Dnscache - ok
08:20:07.0439 5428 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:20:07.0454 5428 dot3svc - ok
08:20:07.0501 5428 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
08:20:07.0501 5428 Dot4 - ok
08:20:07.0548 5428 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
08:20:07.0548 5428 Dot4Print - ok
08:20:07.0564 5428 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
08:20:07.0579 5428 dot4usb - ok
08:20:07.0626 5428 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:20:07.0626 5428 DPS - ok
08:20:07.0657 5428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:20:07.0673 5428 drmkaud - ok
08:20:07.0751 5428 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:20:07.0798 5428 DXGKrnl - ok
08:20:07.0829 5428 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:20:07.0829 5428 EapHost - ok
08:20:08.0000 5428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:20:08.0110 5428 ebdrv - ok
08:20:08.0219 5428 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:20:08.0219 5428 EFS - ok
08:20:08.0297 5428 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:20:08.0328 5428 ehRecvr - ok
08:20:08.0359 5428 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:20:08.0359 5428 ehSched - ok
08:20:08.0437 5428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:20:08.0453 5428 elxstor - ok
08:20:08.0578 5428 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
08:20:08.0609 5428 ePowerSvc - ok
08:20:08.0734 5428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:20:08.0734 5428 ErrDev - ok
08:20:08.0812 5428 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:20:08.0843 5428 EventSystem - ok
08:20:09.0014 5428 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:20:09.0061 5428 EvtEng - ok
08:20:09.0170 5428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:20:09.0170 5428 exfat - ok
08:20:09.0202 5428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:20:09.0217 5428 fastfat - ok
08:20:09.0295 5428 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:20:09.0326 5428 Fax - ok
08:20:09.0358 5428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:20:09.0358 5428 fdc - ok
08:20:09.0389 5428 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:20:09.0404 5428 fdPHost - ok
08:20:09.0420 5428 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:20:09.0420 5428 FDResPub - ok
08:20:09.0436 5428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:20:09.0451 5428 FileInfo - ok
08:20:09.0467 5428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:20:09.0467 5428 Filetrace - ok
08:20:09.0482 5428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:20:09.0482 5428 flpydisk - ok
08:20:09.0545 5428 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:20:09.0560 5428 FltMgr - ok
08:20:09.0638 5428 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:20:09.0670 5428 FontCache - ok
08:20:09.0732 5428 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:20:09.0748 5428 FontCache3.0.0.0 - ok
08:20:09.0794 5428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:20:09.0794 5428 FsDepends - ok
08:20:09.0841 5428 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:20:09.0841 5428 Fs_Rec - ok
08:20:09.0888 5428 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:20:09.0904 5428 fvevol - ok
08:20:09.0919 5428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:20:09.0919 5428 gagp30kx - ok
08:20:09.0982 5428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:20:09.0982 5428 GEARAspiWDM - ok
08:20:10.0044 5428 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:20:10.0091 5428 gpsvc - ok
08:20:10.0200 5428 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
08:20:10.0247 5428 Greg_Service - ok
08:20:10.0356 5428 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:20:10.0356 5428 gupdate - ok
08:20:10.0372 5428 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:20:10.0387 5428 gupdatem - ok
08:20:10.0434 5428 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:20:10.0450 5428 gusvc - ok
08:20:10.0590 5428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:20:10.0590 5428 hcw85cir - ok
08:20:10.0652 5428 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:20:10.0684 5428 HdAudAddService - ok
08:20:10.0730 5428 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:20:10.0746 5428 HDAudBus - ok
08:20:10.0762 5428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:20:10.0762 5428 HidBatt - ok
08:20:10.0777 5428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:20:10.0793 5428 HidBth - ok
08:20:10.0793 5428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:20:10.0808 5428 HidIr - ok
08:20:10.0824 5428 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:20:10.0824 5428 hidserv - ok
08:20:10.0902 5428 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:20:10.0902 5428 HidUsb - ok
08:20:10.0964 5428 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:20:10.0964 5428 hkmsvc - ok
08:20:11.0011 5428 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:20:11.0042 5428 HomeGroupListener - ok
08:20:11.0089 5428 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:20:11.0105 5428 HomeGroupProvider - ok
08:20:11.0152 5428 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:20:11.0152 5428 HpSAMD - ok
08:20:11.0323 5428 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
08:20:11.0370 5428 HPSLPSVC - ok
08:20:11.0448 5428 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:20:11.0479 5428 HTTP - ok
08:20:11.0526 5428 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:20:11.0526 5428 hwpolicy - ok
08:20:11.0589 5428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:20:11.0589 5428 i8042prt - ok
08:20:11.0635 5428 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
08:20:11.0635 5428 iaStor - ok
08:20:11.0745 5428 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:20:11.0745 5428 IAStorDataMgrSvc - ok
08:20:11.0807 5428 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:20:11.0823 5428 iaStorV - ok
08:20:11.0932 5428 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:20:11.0932 5428 IDriverT - ok
08:20:12.0041 5428 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:20:12.0103 5428 idsvc - ok
08:20:12.0525 5428 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:20:12.0712 5428 igfx - ok
08:20:12.0837 5428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:20:12.0852 5428 iirsp - ok
08:20:12.0961 5428 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
08:20:12.0961 5428 IJPLMSVC - ok
08:20:13.0039 5428 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:20:13.0086 5428 IKEEXT - ok
08:20:13.0164 5428 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
08:20:13.0180 5428 int15.sys - ok
08:20:13.0367 5428 IntcAzAudAddService (404561d4ee0cae109379a40247046b03) C:\Windows\system32\drivers\RTKVHD64.sys
08:20:13.0476 5428 IntcAzAudAddService - ok
08:20:13.0617 5428 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
08:20:13.0617 5428 IntcHdmiAddService - ok
08:20:13.0663 5428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:20:13.0663 5428 intelide - ok
08:20:13.0695 5428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:20:13.0695 5428 intelppm - ok
08:20:13.0741 5428 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:20:13.0741 5428 IPBusEnum - ok
08:20:13.0773 5428 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:20:13.0788 5428 IpFilterDriver - ok
08:20:13.0835 5428 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:20:13.0866 5428 iphlpsvc - ok
08:20:13.0913 5428 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:20:13.0913 5428 IPMIDRV - ok
08:20:13.0944 5428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:20:13.0960 5428 IPNAT - ok
08:20:14.0053 5428 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
08:20:14.0100 5428 iPod Service - ok
08:20:14.0131 5428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:20:14.0131 5428 IRENUM - ok
08:20:14.0163 5428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:20:14.0163 5428 isapnp - ok
08:20:14.0225 5428 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:20:14.0241 5428 iScsiPrt - ok
08:20:14.0256 5428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:20:14.0256 5428 kbdclass - ok
08:20:14.0287 5428 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:20:14.0287 5428 kbdhid - ok
08:20:14.0334 5428 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:14.0334 5428 KeyIso - ok
08:20:14.0350 5428 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
08:20:14.0350 5428 KSecDD - ok
08:20:14.0381 5428 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
08:20:14.0381 5428 KSecPkg - ok
08:20:14.0428 5428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:20:14.0428 5428 ksthunk - ok
08:20:14.0475 5428 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:20:14.0506 5428 KtmRm - ok
08:20:14.0537 5428 L1C (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
08:20:14.0537 5428 L1C - ok
08:20:14.0599 5428 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:20:14.0615 5428 LanmanServer - ok
08:20:14.0662 5428 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:20:14.0677 5428 LanmanWorkstation - ok
08:20:14.0724 5428 Lbd - ok
08:20:14.0740 5428 LgBttPort - ok
08:20:14.0755 5428 lgbusenum - ok
08:20:14.0755 5428 LGVMODEM - ok
08:20:14.0802 5428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:20:14.0818 5428 lltdio - ok
08:20:14.0849 5428 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:20:14.0865 5428 lltdsvc - ok
08:20:14.0896 5428 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:20:14.0896 5428 lmhosts - ok
08:20:14.0927 5428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:20:14.0927 5428 LSI_FC - ok
08:20:14.0958 5428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:20:14.0974 5428 LSI_SAS - ok
08:20:14.0989 5428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:20:14.0989 5428 LSI_SAS2 - ok
08:20:15.0021 5428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:20:15.0021 5428 LSI_SCSI - ok
08:20:15.0052 5428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:20:15.0067 5428 luafv - ok
08:20:15.0099 5428 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:20:15.0099 5428 Mcx2Svc - ok
08:20:15.0145 5428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:20:15.0145 5428 megasas - ok
08:20:15.0192 5428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:20:15.0208 5428 MegaSR - ok
08:20:15.0286 5428 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:20:15.0286 5428 Microsoft Office Groove Audit Service - ok
08:20:15.0317 5428 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:20:15.0317 5428 MMCSS - ok
08:20:15.0348 5428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:20:15.0348 5428 Modem - ok
08:20:15.0379 5428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:20:15.0395 5428 monitor - ok
08:20:15.0442 5428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:20:15.0442 5428 mouclass - ok
08:20:15.0457 5428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:20:15.0473 5428 mouhid - ok
08:20:15.0504 5428 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:20:15.0504 5428 mountmgr - ok
08:20:15.0598 5428 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:20:15.0598 5428 MozillaMaintenance - ok
08:20:15.0645 5428 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:20:15.0645 5428 mpio - ok
08:20:15.0676 5428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:20:15.0676 5428 mpsdrv - ok
08:20:15.0754 5428 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:20:15.0785 5428 MpsSvc - ok
08:20:15.0832 5428 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:20:15.0832 5428 MRxDAV - ok
08:20:15.0879 5428 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:20:15.0894 5428 mrxsmb - ok
08:20:15.0941 5428 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:20:15.0957 5428 mrxsmb10 - ok
08:20:15.0972 5428 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:20:15.0972 5428 mrxsmb20 - ok
08:20:16.0003 5428 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:20:16.0019 5428 msahci - ok
08:20:16.0050 5428 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:20:16.0050 5428 msdsm - ok
08:20:16.0097 5428 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:20:16.0097 5428 MSDTC - ok
08:20:16.0159 5428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:20:16.0159 5428 Msfs - ok
08:20:16.0253 5428 msftesql$COMBIT_CRM (54819fc5c79e4b2c6e896f9de440494d) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
08:20:16.0269 5428 msftesql$COMBIT_CRM - ok
08:20:16.0284 5428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:20:16.0284 5428 mshidkmdf - ok
08:20:16.0331 5428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:20:16.0331 5428 msisadrv - ok
08:20:16.0378 5428 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:20:16.0378 5428 MSiSCSI - ok
08:20:16.0393 5428 msiserver - ok
08:20:16.0440 5428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:20:16.0440 5428 MSKSSRV - ok
08:20:16.0440 5428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:20:16.0440 5428 MSPCLOCK - ok
08:20:16.0456 5428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:20:16.0456 5428 MSPQM - ok
08:20:16.0518 5428 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:20:16.0534 5428 MsRPC - ok
08:20:16.0581 5428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:20:16.0581 5428 mssmbios - ok
08:20:16.0596 5428 MSSQL$COMBIT_CRM - ok
08:20:16.0659 5428 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
08:20:16.0659 5428 MSSQLServerADHelper - ok
08:20:16.0690 5428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:20:16.0690 5428 MSTEE - ok
08:20:16.0705 5428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:20:16.0705 5428 MTConfig - ok
08:20:16.0737 5428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:20:16.0737 5428 Mup - ok
08:20:16.0768 5428 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
08:20:16.0768 5428 mwlPSDFilter - ok
08:20:16.0799 5428 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
08:20:16.0799 5428 mwlPSDNServ - ok
08:20:16.0815 5428 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
08:20:16.0815 5428 mwlPSDVDisk - ok
08:20:16.0893 5428 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
08:20:16.0908 5428 MWLService - ok
08:20:16.0971 5428 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:20:16.0986 5428 napagent - ok
08:20:17.0049 5428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:20:17.0064 5428 NativeWifiP - ok
08:20:17.0158 5428 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:20:17.0205 5428 NDIS - ok
08:20:17.0251 5428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:20:17.0251 5428 NdisCap - ok
08:20:17.0283 5428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:20:17.0283 5428 NdisTapi - ok
08:20:17.0329 5428 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:20:17.0345 5428 Ndisuio - ok
08:20:17.0392 5428 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:20:17.0392 5428 NdisWan - ok
08:20:17.0423 5428 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:20:17.0439 5428 NDProxy - ok
08:20:17.0501 5428 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
08:20:17.0501 5428 Net Driver HPZ12 - ok
08:20:17.0532 5428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:20:17.0548 5428 NetBIOS - ok
08:20:17.0595 5428 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:20:17.0610 5428 NetBT - ok
08:20:17.0641 5428 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:17.0641 5428 Netlogon - ok
08:20:17.0688 5428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:20:17.0719 5428 Netman - ok
08:20:17.0797 5428 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:17.0813 5428 NetMsmqActivator - ok
08:20:17.0829 5428 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:17.0829 5428 NetPipeActivator - ok
08:20:17.0875 5428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:20:17.0907 5428 netprofm - ok
08:20:18.0016 5428 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
08:20:18.0078 5428 netr28ux - ok
08:20:18.0156 5428 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:18.0156 5428 NetTcpActivator - ok
08:20:18.0156 5428 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:20:18.0156 5428 NetTcpPortSharing - ok
08:20:18.0187 5428 NETw1v64 - ok
08:20:18.0546 5428 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
08:20:18.0718 5428 NETw5s64 - ok
08:20:19.0264 5428 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
08:20:19.0498 5428 NETwNs64 - ok
08:20:19.0623 5428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:20:19.0638 5428 nfrd960 - ok
08:20:19.0685 5428 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:20:19.0701 5428 NlaSvc - ok
08:20:19.0716 5428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:20:19.0732 5428 Npfs - ok
08:20:19.0747 5428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:20:19.0747 5428 nsi - ok
08:20:19.0779 5428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:20:19.0779 5428 nsiproxy - ok
08:20:19.0903 5428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:20:19.0950 5428 Ntfs - ok
08:20:20.0059 5428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:20:20.0059 5428 Null - ok
08:20:20.0091 5428 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:20:20.0091 5428 nvraid - ok
08:20:20.0122 5428 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:20:20.0122 5428 nvstor - ok
08:20:20.0169 5428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:20:20.0184 5428 nv_agp - ok
08:20:20.0293 5428 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:20:20.0325 5428 odserv - ok
08:20:20.0356 5428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:20:20.0356 5428 ohci1394 - ok
08:20:20.0434 5428 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:20:20.0434 5428 ose - ok
08:20:20.0496 5428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:20:20.0512 5428 p2pimsvc - ok
08:20:20.0543 5428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:20:20.0574 5428 p2psvc - ok
08:20:20.0621 5428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:20:20.0621 5428 Parport - ok
08:20:20.0637 5428 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:20:20.0652 5428 partmgr - ok
08:20:20.0668 5428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:20:20.0668 5428 PcaSvc - ok
08:20:20.0730 5428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:20:20.0730 5428 pci - ok
08:20:20.0746 5428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:20:20.0746 5428 pciide - ok
08:20:20.0793 5428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:20:20.0808 5428 pcmcia - ok
08:20:20.0824 5428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:20:20.0839 5428 pcw - ok
08:20:20.0871 5428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:20:20.0902 5428 PEAUTH - ok
08:20:20.0964 5428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:20:20.0964 5428 PerfHost - ok
08:20:21.0073 5428 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:20:21.0120 5428 pla - ok
08:20:21.0198 5428 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:20:21.0214 5428 PlugPlay - ok
08:20:21.0307 5428 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
08:20:21.0307 5428 Pml Driver HPZ12 - ok
08:20:21.0339 5428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:20:21.0339 5428 PNRPAutoReg - ok
08:20:21.0370 5428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:20:21.0370 5428 PNRPsvc - ok
08:20:21.0432 5428 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:20:21.0463 5428 PolicyAgent - ok
08:20:21.0495 5428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:20:21.0495 5428 Power - ok
08:20:21.0573 5428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:20:21.0573 5428 PptpMiniport - ok
08:20:21.0604 5428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:20:21.0604 5428 Processor - ok
08:20:21.0651 5428 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:20:21.0666 5428 ProfSvc - ok
08:20:21.0697 5428 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:21.0697 5428 ProtectedStorage - ok
08:20:21.0760 5428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:20:21.0760 5428 Psched - ok
08:20:21.0853 5428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:20:21.0916 5428 ql2300 - ok
08:20:22.0025 5428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:20:22.0025 5428 ql40xx - ok
08:20:22.0072 5428 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:20:22.0087 5428 QWAVE - ok
08:20:22.0087 5428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:20:22.0103 5428 QWAVEdrv - ok
08:20:22.0119 5428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:20:22.0119 5428 RasAcd - ok
08:20:22.0150 5428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:20:22.0165 5428 RasAgileVpn - ok
08:20:22.0290 5428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:20:22.0290 5428 RasAuto - ok
08:20:22.0337 5428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:20:22.0337 5428 Rasl2tp - ok
08:20:22.0399 5428 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:20:22.0431 5428 RasMan - ok
08:20:22.0462 5428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:20:22.0462 5428 RasPppoe - ok
08:20:22.0477 5428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:20:22.0477 5428 RasSstp - ok
08:20:22.0524 5428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:20:22.0540 5428 rdbss - ok
08:20:22.0571 5428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:20:22.0571 5428 rdpbus - ok
08:20:22.0587 5428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:20:22.0587 5428 RDPCDD - ok
08:20:22.0633 5428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:20:22.0633 5428 RDPENCDD - ok
08:20:22.0649 5428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:20:22.0649 5428 RDPREFMP - ok
08:20:22.0680 5428 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:20:22.0680 5428 RDPWD - ok
08:20:22.0743 5428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:20:22.0743 5428 rdyboost - ok
08:20:22.0914 5428 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:20:22.0945 5428 RegSrvc - ok
08:20:22.0977 5428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:20:22.0992 5428 RemoteAccess - ok
08:20:23.0008 5428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:20:23.0023 5428 RemoteRegistry - ok
08:20:23.0101 5428 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:20:23.0101 5428 RFCOMM - ok
08:20:23.0133 5428 RimUsb - ok
08:20:23.0211 5428 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
08:20:23.0211 5428 RimVSerPort - ok
08:20:23.0242 5428 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
08:20:23.0242 5428 ROOTMODEM - ok
08:20:23.0289 5428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:20:23.0289 5428 RpcEptMapper - ok
08:20:23.0320 5428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:20:23.0320 5428 RpcLocator - ok
08:20:23.0382 5428 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:20:23.0398 5428 RpcSs - ok
08:20:23.0429 5428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:20:23.0429 5428 rspndr - ok
08:20:23.0523 5428 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
08:20:23.0538 5428 RS_Service - ok
08:20:23.0585 5428 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:23.0585 5428 SamSs - ok
08:20:23.0803 5428 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
08:20:23.0819 5428 SBAMSvc - ok
08:20:23.0975 5428 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
08:20:23.0975 5428 sbapifs - ok
08:20:24.0006 5428 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
08:20:24.0022 5428 sbhips - ok
08:20:24.0053 5428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:20:24.0053 5428 sbp2port - ok
08:20:24.0100 5428 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
08:20:24.0100 5428 SBRE - ok
08:20:24.0271 5428 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:20:24.0303 5428 SBSDWSCService - ok
08:20:24.0349 5428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:20:24.0349 5428 SCardSvr - ok
08:20:24.0427 5428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:20:24.0427 5428 scfilter - ok
08:20:24.0505 5428 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:20:24.0537 5428 Schedule - ok
08:20:24.0583 5428 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:20:24.0583 5428 SCPolicySvc - ok
08:20:24.0630 5428 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:20:24.0630 5428 SDRSVC - ok
08:20:24.0708 5428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:20:24.0708 5428 secdrv - ok
08:20:24.0755 5428 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:20:24.0755 5428 seclogon - ok
08:20:24.0786 5428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:20:24.0786 5428 SENS - ok
08:20:24.0817 5428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:20:24.0817 5428 SensrSvc - ok
08:20:24.0849 5428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:20:24.0849 5428 Serenum - ok
08:20:24.0880 5428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:20:24.0880 5428 Serial - ok
08:20:24.0911 5428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:20:24.0927 5428 sermouse - ok
08:20:24.0973 5428 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:20:24.0989 5428 SessionEnv - ok
08:20:25.0020 5428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:20:25.0020 5428 sffdisk - ok
08:20:25.0051 5428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:20:25.0051 5428 sffp_mmc - ok
08:20:25.0067 5428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:20:25.0083 5428 sffp_sd - ok
08:20:25.0114 5428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:20:25.0114 5428 sfloppy - ok
08:20:25.0207 5428 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:20:25.0223 5428 SharedAccess - ok
08:20:25.0285 5428 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:20:25.0317 5428 ShellHWDetection - ok
08:20:25.0332 5428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:20:25.0348 5428 SiSRaid2 - ok
08:20:25.0379 5428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:20:25.0379 5428 SiSRaid4 - ok
08:20:25.0441 5428 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
08:20:25.0457 5428 SkypeUpdate - ok
08:20:25.0488 5428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:20:25.0488 5428 Smb - ok
08:20:25.0535 5428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:20:25.0535 5428 SNMPTRAP - ok
08:20:25.0675 5428 SNP2UVC (f9ee0c3088f7f5306ac6ee67b47e665d) C:\Windows\system32\DRIVERS\snp2uvc.sys
08:20:25.0722 5428 SNP2UVC - ok
08:20:25.0816 5428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:20:25.0816 5428 spldr - ok
08:20:25.0894 5428 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:20:25.0909 5428 Spooler - ok
08:20:26.0112 5428 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:20:26.0190 5428 sppsvc - ok
08:20:26.0315 5428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:20:26.0331 5428 sppuinotify - ok
08:20:26.0409 5428 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:20:26.0409 5428 SQLBrowser - ok
08:20:26.0502 5428 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:20:26.0502 5428 SQLWriter - ok
08:20:26.0580 5428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:20:26.0611 5428 srv - ok
08:20:26.0643 5428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:20:26.0658 5428 srv2 - ok
08:20:26.0689 5428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:20:26.0689 5428 srvnet - ok
08:20:26.0736 5428 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
08:20:26.0736 5428 ssadbus - ok
08:20:26.0767 5428 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
08:20:26.0767 5428 ssadmdfl - ok
08:20:26.0814 5428 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
08:20:26.0814 5428 ssadmdm - ok
08:20:26.0861 5428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:20:26.0877 5428 SSDPSRV - ok
08:20:26.0892 5428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:20:26.0892 5428 SstpSvc - ok
08:20:26.0923 5428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:20:26.0923 5428 stexstor - ok
08:20:26.0970 5428 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:20:27.0001 5428 stisvc - ok
08:20:27.0048 5428 SWDUMon (0cd5e2c59264fad184685d2a61ad8473) C:\Windows\system32\DRIVERS\SWDUMon.sys
08:20:27.0048 5428 SWDUMon - ok
08:20:27.0095 5428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:20:27.0095 5428 swenum - ok
08:20:27.0142 5428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:20:27.0157 5428 swprv - ok
08:20:27.0204 5428 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
08:20:27.0220 5428 SynTP - ok
08:20:27.0329 5428 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:20:27.0376 5428 SysMain - ok
08:20:27.0485 5428 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:20:27.0485 5428 TabletInputService - ok
08:20:27.0516 5428 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:20:27.0547 5428 TapiSrv - ok
08:20:27.0579 5428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:20:27.0579 5428 TBS - ok
08:20:27.0735 5428 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:20:27.0797 5428 Tcpip - ok
08:20:28.0000 5428 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:20:28.0015 5428 TCPIP6 - ok
08:20:28.0125 5428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:20:28.0125 5428 tcpipreg - ok
08:20:28.0187 5428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:20:28.0187 5428 TDPIPE - ok
08:20:28.0234 5428 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:20:28.0234 5428 TDTCP - ok
08:20:28.0296 5428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:20:28.0296 5428 tdx - ok
08:20:28.0343 5428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:20:28.0343 5428 TermDD - ok
08:20:28.0390 5428 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:20:28.0421 5428 TermService - ok
08:20:28.0468 5428 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
08:20:28.0468 5428 TFsExDisk - ok
08:20:28.0499 5428 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:20:28.0499 5428 Themes - ok
08:20:28.0530 5428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:20:28.0530 5428 THREADORDER - ok
08:20:28.0546 5428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:20:28.0546 5428 TrkWks - ok
08:20:28.0624 5428 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:20:28.0639 5428 TrustedInstaller - ok
08:20:28.0671 5428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:20:28.0686 5428 tssecsrv - ok
08:20:28.0733 5428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:20:28.0733 5428 TsUsbFlt - ok
08:20:28.0920 5428 TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
08:20:28.0983 5428 TuneUp.UtilitiesSvc - ok
08:20:29.0029 5428 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
08:20:29.0029 5428 TuneUpUtilitiesDrv - ok
08:20:29.0170 5428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:20:29.0185 5428 tunnel - ok
08:20:29.0279 5428 TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe
08:20:29.0326 5428 TVersityMediaServer - ok
08:20:29.0419 5428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:20:29.0419 5428 uagp35 - ok
08:20:29.0466 5428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:20:29.0482 5428 udfs - ok
08:20:29.0529 5428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:20:29.0529 5428 UI0Detect - ok
08:20:29.0575 5428 ui11drdr (acec7381128e77d3b262c1f8da2e9819) C:\Windows\system32\DRIVERS\ui11drdr.sys
08:20:29.0575 5428 ui11drdr - ok
08:20:29.0622 5428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:20:29.0622 5428 uliagpkx - ok
08:20:29.0653 5428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:20:29.0653 5428 umbus - ok
08:20:29.0685 5428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:20:29.0685 5428 UmPass - ok
08:20:29.0763 5428 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:20:29.0778 5428 Updater Service - ok
08:20:29.0825 5428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:20:29.0841 5428 upnphost - ok
08:20:29.0872 5428 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
08:20:29.0872 5428 usbbus - ok
08:20:29.0903 5428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:20:29.0903 5428 usbccgp - ok
08:20:29.0965 5428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:20:29.0965 5428 usbcir - ok
08:20:30.0012 5428 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
08:20:30.0012 5428 UsbDiag - ok
08:20:30.0043 5428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:20:30.0059 5428 usbehci - ok
08:20:30.0090 5428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:20:30.0106 5428 usbhub - ok
08:20:30.0153 5428 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
08:20:30.0153 5428 USBModem - ok
08:20:30.0184 5428 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:20:30.0184 5428 usbohci - ok
08:20:30.0215 5428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:20:30.0215 5428 usbprint - ok
08:20:30.0262 5428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:20:30.0262 5428 usbscan - ok
08:20:30.0309 5428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:20:30.0309 5428 USBSTOR - ok
08:20:30.0324 5428 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
08:20:30.0324 5428 usbuhci - ok
08:20:30.0371 5428 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:20:30.0371 5428 usbvideo - ok
08:20:30.0449 5428 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
08:20:30.0449 5428 usb_rndisx - ok
08:20:30.0480 5428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:20:30.0480 5428 UxSms - ok
08:20:30.0527 5428 UxTuneUp (5b0cd0238b864ca71ea80e4fa1a988af) C:\Windows\System32\uxtuneup.dll
08:20:30.0543 5428 UxTuneUp - ok
08:20:30.0574 5428 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:30.0574 5428 VaultSvc - ok
08:20:30.0605 5428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:20:30.0605 5428 vdrvroot - ok
08:20:30.0683 5428 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:20:30.0714 5428 vds - ok
08:20:30.0745 5428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:20:30.0761 5428 vga - ok
08:20:30.0792 5428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:20:30.0792 5428 VgaSave - ok
08:20:30.0823 5428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:20:30.0839 5428 vhdmp - ok
08:20:30.0870 5428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:20:30.0870 5428 viaide - ok
08:20:30.0901 5428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:20:30.0901 5428 volmgr - ok
08:20:30.0964 5428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:20:30.0979 5428 volmgrx - ok
08:20:31.0011 5428 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:20:31.0026 5428 volsnap - ok
08:20:31.0057 5428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:20:31.0073 5428 vsmraid - ok
08:20:31.0182 5428 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:20:31.0260 5428 VSS - ok
08:20:31.0369 5428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:20:31.0369 5428 vwifibus - ok
08:20:31.0385 5428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:20:31.0401 5428 vwififlt - ok
08:20:31.0432 5428 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:20:31.0432 5428 vwifimp - ok
08:20:31.0479 5428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:20:31.0494 5428 W32Time - ok
08:20:31.0541 5428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:20:31.0541 5428 WacomPen - ok
08:20:31.0588 5428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:20:31.0588 5428 WANARP - ok
08:20:31.0603 5428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:20:31.0603 5428 Wanarpv6 - ok
08:20:31.0713 5428 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:20:31.0759 5428 wbengine - ok
08:20:31.0853 5428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:20:31.0884 5428 WbioSrvc - ok
08:20:31.0931 5428 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:20:31.0962 5428 wcncsvc - ok
08:20:31.0978 5428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:20:31.0978 5428 WcsPlugInService - ok
08:20:32.0040 5428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:20:32.0040 5428 Wd - ok
08:20:32.0087 5428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:20:32.0118 5428 Wdf01000 - ok
08:20:32.0196 5428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:20:32.0196 5428 WdiServiceHost - ok
08:20:32.0212 5428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:20:32.0212 5428 WdiSystemHost - ok
08:20:32.0274 5428 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:20:32.0290 5428 WebClient - ok
08:20:32.0305 5428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:20:32.0321 5428 Wecsvc - ok
08:20:32.0352 5428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:20:32.0352 5428 wercplsupport - ok
08:20:32.0383 5428 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:20:32.0399 5428 WerSvc - ok
08:20:32.0461 5428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:20:32.0461 5428 WfpLwf - ok
08:20:32.0493 5428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:20:32.0493 5428 WIMMount - ok
08:20:32.0539 5428 WinDefend - ok
08:20:32.0555 5428 WinHttpAutoProxySvc - ok
08:20:32.0617 5428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:20:32.0633 5428 Winmgmt - ok
08:20:32.0836 5428 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:20:32.0914 5428 WinRM - ok
08:20:33.0054 5428 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:20:33.0054 5428 WinUsb - ok
08:20:33.0132 5428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:20:33.0163 5428 Wlansvc - ok
08:20:33.0351 5428 wlidsvc (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:20:33.0413 5428 wlidsvc - ok
08:20:33.0538 5428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:20:33.0538 5428 WmiAcpi - ok
08:20:33.0600 5428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:20:33.0600 5428 wmiApSrv - ok
08:20:33.0678 5428 WMPNetworkSvc - ok
08:20:33.0709 5428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:20:33.0709 5428 WPCSvc - ok
08:20:33.0756 5428 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:20:33.0756 5428 WPDBusEnum - ok
08:20:33.0787 5428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:20:33.0803 5428 ws2ifsl - ok
08:20:33.0819 5428 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:20:33.0834 5428 wscsvc - ok
08:20:33.0881 5428 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:20:33.0881 5428 WSDPrintDevice - ok
08:20:33.0897 5428 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
08:20:33.0897 5428 WSDScan - ok
08:20:33.0912 5428 WSearch - ok
08:20:34.0053 5428 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:20:34.0115 5428 wuauserv - ok
08:20:34.0255 5428 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:20:34.0255 5428 WudfPf - ok
08:20:34.0302 5428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:20:34.0302 5428 WUDFRd - ok
08:20:34.0349 5428 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:20:34.0365 5428 wudfsvc - ok
08:20:34.0411 5428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:20:34.0411 5428 WwanSvc - ok
08:20:34.0505 5428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:20:34.0723 5428 \Device\Harddisk0\DR0 - ok
08:20:35.0410 5428 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
08:20:35.0425 5428 \Device\Harddisk1\DR1 - ok
08:20:35.0425 5428 Boot (0x1200) (e13a9652ddd6960b5d579fbc33fa6e65) \Device\Harddisk0\DR0\Partition0
08:20:35.0425 5428 \Device\Harddisk0\DR0\Partition0 - ok
08:20:35.0441 5428 Boot (0x1200) (1a1421cc36e595f247b565764cb4bd35) \Device\Harddisk0\DR0\Partition1
08:20:35.0441 5428 \Device\Harddisk0\DR0\Partition1 - ok
08:20:35.0457 5428 Boot (0x1200) (394051e83b9f0526742b1ee899a08775) \Device\Harddisk1\DR1\Partition0
08:20:35.0457 5428 \Device\Harddisk1\DR1\Partition0 - ok
08:20:35.0457 5428 ============================================================
08:20:35.0457 5428 Scan finished
08:20:35.0457 5428 ============================================================
08:20:35.0472 4744 Detected object count: 0
08:20:35.0472 4744 Actual detected object count: 0
08:21:03.0864 4628 Deinitialize success
|
|
25.07.2012, 16:31
| #28 |
| /// Helfer-Team | GVU Trojaner mit Kamera Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
:Files
C:\Users\JoeCool\AppData\Roaming\13001.025
C:\Users\JoeCool\AppData\Roaming\13001.026
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! dann: Combofix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren. Start => Ausführen => dort reinschreiben ComboFix /Uninstall => Enter drücken Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst. |
|
25.07.2012, 20:16
| #29 |
| | GVU Trojaner mit Kamera Hi, OTL hat den Bruchteil einer Sekunde gebraucht und wollte auch keinen Neustart ??? Hier das Log: Code:
ATTFilter ========== OTL ==========
========== FILES ==========
C:\Users\JoeCool\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\JoeCool\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\JoeCool\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\JoeCool\AppData\Roaming\13001.026 folder moved successfully.
OTL by OldTimer - Version 3.2.54.0 log created on 07252012_211450
|
|
25.07.2012, 20:21
| #30 |
| /// Helfer-Team | GVU Trojaner mit Kamera Sehr gut!  Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
| Themen zu GVU Trojaner mit Kamera |
| .dll, appdatalow, avg, avg secure search, cftmon.lnk, desktop, firefox, go_0molg.pad, gvu trojaner, gvu trojaner 2.07, gvu trojaner entfernen, gvu trojaner mit webcam, gvu-trojaner, infizierte dateien, internet, kaspersky, locker, plug-in, programm, registry, reveton.c, safer networking, secure search, softonic, verweise, warnung, webcam gvu trojaner, webcamfenster, windowsunlocker |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
