| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.08.2012, 21:01
| #1 | |||||
| |  TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Hallo User, ich habe mir offensichtlich beim Surfen einige Trojaner eingefangen und erhalte ständig Meldungen von Avira, dass ich mit TR/ATRAPS.Gen und TR.ATRAPS.Gen2 infiziert sei. Seit ganz Kurzem habe ich auch Meldungen erhalten von den Trojanern TR/Kazy.86117.1 und TR/Rogue.KD.694391.1 von Avira, mit den anderen beiden Meldungen werd ich nun in Ruhe gelassen, seltsamerweise und hab jetzt relativ lange (ca. eine Stunde) überhaupt keine Meldung mehr bekommen. Ich habe auch mal einen schnellen Scan mit Malwarebytes gemacht und als Ergebnis stand leider was von ZeroAccess und wie ich hier gelesen hab, würde das wohl heißen: System neu aufsetzen. Das nur im Vorraus, trotzdem wäre es nett, wenn ihr euch die Logs anschaut, vllt. könnt ihr mir dazu ja doch noch was Anderes sagen. Bevor ich die Logs poste, erstmal einige Sachen zum Verlauf. Verlauf Also, anscheinend hab ich mir die Schadsoftware beim Surfen eingefangen. Ich erhielt eigentlich zeitgleich sogar zwei Meldungen, einmal von Avira (kostenlose Version) und einmal vom systeminternen Windows Defender. Avira hat die beiden Trojaner ATRAPS/Gen und ATRAPS/Gen.2 gemeldet, vom Windows Defender weiß ich nicht mehr ganz genau, ob er diese Trojaner auch benannt hat, zumindest hat er eine "schwerwiegende" Bedrohung gemeldet. Als ich diese Meldungen bekommen hab, öffnete sich das UAC-Fenster, als ausführendes Programm gab sich Adobe aus (Flash, wenn ich mich richtig erinnere). Ich habe dies nicht zugelassen, weil es mir verdächtig vorkam. Das entsprechende UAC-Fenster tauchte allerdings immer wieder auf, ich habe aber abgelehnt. Aber permanent aufklappende UAC-Fenster stören halt, weswegen ich mich vom Benutzerkonto abgemeldet habe und wieder angemeldet habe. Windows Defender mit seinem Fenster hat da leider nicht reagiert und ich hab es beim Abmelden "gewaltsam" beendet. Tatsächlich, nach Ab- und Wiederanmeldung tauchte das Adobe-UAC-Fenster nicht mehr auf. Bei der Wiederanmeldung hat Windows Defender mich gefragt, ob einige Funktionen von explorer.exe (wohl der Windows-Explorer?) blockiert werden sollen und ich habe zugestimmt. Avira meldete allerdings immer wieder, etwa im Fünf-Minuten-Takt, die beiden Trojaner. Wenn ich mich recht erinnere, meldete Avira auch Probleme in Zusammenhang mit der explorer.exe, ein Scan der Datei hat allerdings nix ergeben (angeblich ist die Datei nicht infiziert lt. Avira). Ich habe es auch mit Neustarts versucht, Problem blieb bestehen. Jetzt habe ich, um die Logs zu erhalten, die Programme ausgeführt, die bei euch in der Anleitung stehen. Seit Kurzem meldete Avira nun die zwei weiteren Trojaner. Weitere Auffälligkeiten Ich habe die Meldungen auffälligerweise dann bekommen, wenn ich eine W-Lan-Verbindung hatte (aller paar Minuten). Hatte ich die Verbindung getrennt, kam iirc keine Meldung (oder viel weniger), beim Start einer Verbindung kam gleich wieder eine Meldung. Momentan hab ich trotz Verbindung schon recht lange keine Meldung mehr erhalten, das scheint zeitlich zusammenzufallen mit den neuen Trojanermeldungen (Kazy und Rogue). Ich weiß nicht, ob das irgendeine Bewandnis hat und poste es einfach hier mal. Im Windows-Defender/Software-Explorer bei "zur Zeit ausgeführte Programme" haben die meisten Prozesse unter dem Namen "Betriebssystem Microsoft®" so ein Icon, das aussieht wie ein Fenster; bei explorer.exe findet sich hingegen ein Icon, dass dem Computer-Icon (vormals "Arbeitsplatz") ähnelt. Habe den Prozess auch einfach mal beendet, um laienhaft zu schauen, was passiert, einige Sachen, die mit diesem Prozess zusammenhingen verschwanden (z. B. Taskleiste) und tauchten wieder auf, nachdem sich der Prozess neugestartet hat. Meldungen von Avira blieben bestehen. Logs So, nachdem ich euch jetzt vielleicht ermüdet hab, nun die Logs. OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.08.2012 20:24:52 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free 4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.07.29 15:13:46 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.11 14:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe PRC - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.17 08:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.09.19 05:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (No Company Name) ========== MOD - [2011.07.28 22:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2010.01.03 19:28:02 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll MOD - [2010.01.03 19:28:02 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll MOD - [2010.01.03 19:28:02 | 000,012,936 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll MOD - [2010.01.03 19:28:00 | 000,018,056 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll MOD - [2010.01.03 19:28:00 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll MOD - [2010.01.03 19:28:00 | 000,013,960 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll MOD - [2010.01.03 19:28:00 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll MOD - [2010.01.03 19:28:00 | 000,010,376 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll MOD - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe MOD - [2010.01.03 19:27:58 | 000,011,912 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - [2012.08.09 12:04:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 18:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.09.22 18:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.02.08 21:47:48 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2012.02.29 21:47:53 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.01.07 23:46:28 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 11:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 11:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 21:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.05.28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.03 15:05:36 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP) DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE366 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE366&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms} IE - HKCU\..\SearchScopes\{F7103568-793E-4058-8BEA-7762A862D1DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE366 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M] [2010.06.08 16:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2012.04.29 12:50:06 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions [2012.04.29 12:30:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.04.29 12:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [StrokeIt] C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24B3E122-C6A0-4BA5-87B6-4D097E6230A1}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [1997.04.10 00:55:32 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 20:06:35 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.12 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.08.12 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.12 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.12 19:59:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.12 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2012.07.22 10:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2012.07.22 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\***\D-Fend Reloaded [2012.07.22 10:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2012.07.22 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eddy und Co [2012.07.18 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Boven de Wolken_data [2012.07.15 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skat-Online ========== Files - Modified Within 30 Days ========== [2012.08.12 20:23:58 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2012.08.12 20:21:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.08.12 20:07:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\04d9n2x1.exe [2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.12 20:06:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.12 19:59:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.12 19:47:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.12 19:47:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.12 19:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.12 19:46:14 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys [2012.08.10 18:29:31 | 000,001,367 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2012.08.07 12:08:02 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk [2012.08.05 11:54:31 | 000,000,868 | ---- | M] () -- C:\Users\***\Desktop\Notepad++.lnk [2012.08.04 12:37:10 | 000,002,673 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.07.31 17:22:34 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk [2012.07.22 10:46:14 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2012.07.18 20:32:24 | 000,003,723 | ---- | M] () -- C:\Users\***\Documents\Boven de Wolken.aup ========== Files Created - No Company Name ========== [2012.08.12 20:21:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.12 20:07:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\04d9n2x1.exe [2012.08.12 20:06:13 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.12 19:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 13:47:26 | 000,001,712 | ---- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@ [2012.08.10 18:29:31 | 000,001,367 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.08.05 11:54:31 | 000,000,868 | ---- | C] () -- C:\Users\***\Desktop\Notepad++.lnk [2012.07.22 10:46:14 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2012.07.18 20:32:24 | 000,003,723 | ---- | C] () -- C:\Users\***\Documents\Boven de Wolken.aup [2012.06.13 19:32:33 | 000,000,054 | ---- | C] () -- C:\Windows\WELTALL.INI [2012.01.11 20:19:34 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@ [2011.10.07 17:39:58 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2011.09.18 15:30:51 | 000,000,306 | ---- | C] () -- C:\Windows\FANGT.INI [2011.08.01 10:21:01 | 000,000,116 | -H-- | C] () -- C:\Users\***\kvirc4.ini [2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.07.03 11:51:31 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini [2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.06.01 14:10:25 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.05.08 20:05:27 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.05.08 20:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREU1.DLL [2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREL1.DLL [2010.12.27 11:11:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010.12.25 22:19:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.25 22:19:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.11.28 12:41:18 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\EasyToolz.ini [2010.10.03 12:57:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\tkcon.hst [2010.03.08 19:53:38 | 000,008,512 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.02.14 19:31:07 | 000,000,736 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.02.09 14:54:04 | 000,014,336 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm [2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM [2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story [2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games [2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF [2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand [2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks [2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView [2012.08.11 15:45:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.08.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free
4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00491F72-326D-486A-B59B-6C42742CE30C}" = rport=139 | protocol=6 | dir=out | app=system |
"{02D41DA6-9371-4FB9-91B8-E2AC8363BD74}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B920991-1C35-4F3B-B14D-0926929DECE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19FBF757-D8C7-4CF4-BF16-1E8EDDACF0C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EDFA460-E536-40BA-93D6-92F74447FFF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2794B89D-8A51-4744-9AF0-7F9299A0BFDA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3B44C8DE-BE8E-498E-870C-A5A8BA80244C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41A9F118-9612-4CE0-9135-22426F8888A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F56DD90-686D-42DF-9BBC-818357A82C3E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68E5C90F-1D42-4DFC-9A64-E7EB72CCD7C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B0FF415-2D83-4C72-8968-EFB1C21DBC77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7305B40B-F62F-443D-9BC2-9BDA1F6782A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{86A7F893-107B-472A-9564-C3BF3BDE3217}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B74243B-67CF-47CE-9FBF-1B30C3BAB295}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C199A1F-05DD-4F9D-85BD-86E6D0BEFDDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A85693B2-93AD-48B3-8C58-1A4B0BC78F9C}" = lport=137 | protocol=17 | dir=in | app=system |
"{A97173BE-FBD7-44E4-A096-B1F5656964B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD5B04C2-04A3-4D29-AA28-DBE9630EA330}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B5E1ABFD-402A-4190-8247-96C7CCEA7EDB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B819FF43-4914-465B-83EE-9CF84C1C9DDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BDB1543A-B2A6-4AA3-BAA2-74B6D7582680}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C92C3AEB-2E7F-4AFF-8DFB-BA4184A2CFE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9DC56A0-D51E-46AF-9514-FECF5BC61D86}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD097476-2B18-4516-B98D-26299A6888E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{DAAF3E71-6E16-4AED-B4BF-8B07D6AF5B2D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7297A5D-9973-4A10-8198-FB81DBB9DDCE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF05170C-065E-497F-9CFE-B1A367305EB0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F1C5E518-B6F9-4263-8568-B54320FF359F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F1E6B836-8C59-4615-B74A-C063588793A7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004AA9AB-42C8-4F3D-9256-6A7F96DD69B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{074D0620-D90E-4127-B797-0FFD8F6762C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12A8DE98-1AD0-4C61-912A-4E76CB0F7F54}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{144B8537-F57A-49CE-BB9E-057019EACB6E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{17E3FFCF-1592-4E2B-BFD5-14DBFA6BDA7D}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe |
"{22489136-AA07-4C74-8B42-BF98F8F887E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{2707B312-68C0-4A37-8A7C-5EC2EE2494FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29E725B3-3A92-43F4-AFAA-74EE4B37857D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2DA67581-A7DA-4F65-B9E3-463E8042309D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4BAAA90A-FE21-489C-8FEB-AD98F54E0F14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53A17D13-8E50-44ED-AC60-6C4D0F896E93}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{58C570CE-3EC4-47F8-BFC8-C2710D830DAF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6066D1BC-E83D-453C-9A13-F783C89EA3BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62867A75-0D33-4511-A598-22E039039866}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{69738652-6541-4EF2-9D7B-E87F6CC23655}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{76A15512-CDB2-4E56-965B-E840E979EC72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7771613F-E604-45F1-9D9C-CFEEE5358ED6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83591B4F-7440-4BF9-A322-BA6F768C3640}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{953491EB-5A23-41A0-996E-D4CC2E73A76E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9EBB30FD-6109-4DCE-8C38-7D6285327DB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AAC4B0ED-56C5-428B-A5C5-3CB4A85A358C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B9DC143B-6364-4F7E-A4D3-C43EF9EC2D6F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{BB0E7FC6-7232-4523-915C-FF52EEC2EBDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C9F1ED27-7BF4-4431-B590-9DFCEA5DC605}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{DCC1AA4A-6CC6-4CA4-B2D2-667BB747B280}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{E5804014-10BC-43D9-AA51-D42DAFB56F18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EACC7E42-99F6-488E-B981-75222DCA8941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EDCF72F0-7279-4A6A-8E38-C1F9FA28187B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F5691DEB-18BA-4A46-82F3-DC446BD85431}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FBBE2271-E2CD-4454-8E69-A02F6B5355E9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{008C73F6-42CC-49DA-8056-2DFD0F92FA21}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6A1E4700-F0E3-4349-9A13-54E3D77B1201}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{AC39B74B-BEDD-41B0-9F7F-653535B1B8CC}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe |
"TCP Query User{D41B2A3A-EC74-4C9C-A898-C11A4F37555C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DF0340A8-7E6C-4C71-887F-41FA86C751E6}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe |
"UDP Query User{4D9DBE6D-3020-41B4-88AF-A77D472116B3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{913EEFFE-8126-4E2C-ACF0-E1BDB7F808BB}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{9DB93350-D455-4B83-A9D4-3EF6D2124D52}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{C9ABAD9F-378F-489E-AB43-22F0FDCA5D14}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FE844324-1CED-4502-AD50-BAD591BDE12B}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BACCCD-A20A-B42D-94FD-97E58A7E82EF}" = ccc-utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{549DEC06-C480-280A-6286-8C93409A933F}" = AMD Fuel
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6989007F-5785-44C3-BD8E-BEEEF58BB304}" = Deutsch (erweitert I)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A180ABF7-A88F-FEB2-E94D-ED459821B86B}" = AMD Catalyst Install Manager
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DFC40BAA-67F8-4578-84FB-C6077D22BBC2}" = Deutsch (erweitert)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F737C2B0-0B9C-45F9-AEF1-BBA54AECC215}" = Deutsch (erweitert II)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cities XL 2011" = Cities XL 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Defraggler" = Defraggler
"D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (deinstallieren)
"FeedReader_is1" = FeedReader
"Fraps" = Fraps
"GIF Animator" = Microsoft GIF Animator
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Inkscape" = Inkscape 0.47
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Little Piano_is1" = Little Piano
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDefrag v4.2.8_is1" = MyDefrag v4.2.8
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Notepad++" = Notepad++
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Opera 11.51.1087" = Opera 11.51
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.3.2
"ST5UNST #1" = PixLin
"StrokeIt (Deutsch)" = StrokeIt (Deutsch)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tiled" = Tiled - Tiled Map Editor
"Trucks & Trailers" = Trucks & Trailers 1.00
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Magic Machines" = World of Magic Machines
"ZMBV" = Zip Motion Block Video codec (Remove Only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JOSM" = JOSM
"Skat-Online V9" = Skat-Online V9
"StrokeIt" = StrokeIt
"StrokeIt (Deutsch)" = StrokeIt (Deutsch)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3028
Description =
Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3058
Description =
Error - 10.08.2012 06:58:01 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 10:35:19 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 13:47:46 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 10.08.2012 15:24:08 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 06:01:16 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 13:47:55 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 28.10.2010 13:27:07 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.10.2010 13:29:59 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 31.10.2010 02:17:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.11.2010 13:10:03 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.12.2010 11:32:04 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.01.2011 12:14:27 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.02.2011 13:04:47 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2012 14:58:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3309
seconds with 3120 seconds of active time. This session ended with a crash.
Error - 01.04.2012 16:09:33 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9812
seconds with 6420 seconds of active time. This session ended with a crash.
Error - 03.04.2012 13:25:05 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 213
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.08.2012 09:02:13 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 11.08.2012 09:11:58 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 11.08.2012 09:19:55 | Computer Name = Notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.08.2012 09:44:56 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =
Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
< End of report >
GMer hab ich eigentlich auch durchlaufen lassen, hatte aber keine Rootkit-Meldung und find jetzt auch irgendwie keine .txt dazu; wenn ich nochmal einen Scan machen soll, sagts mir. Und von Malwarebytes mit ZeroAccess-Meldung ... Zitat:
Und von Avira einige meiner Meldungen, hab mal für alle Trojaner, die mir gemeldet wurden, was rausgesucht: Zitat:
Zitat:
Zitat:
Zitat:
Markus Geändert von Markus__ (12.08.2012 um 21:23 Uhr) |
|
16.08.2012, 10:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
16.08.2012, 18:09
| #3 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Hallo und Danke, dass du dich um mein Thema hier kümmerst.
__________________Wie es aussieht, haben weder Malwarebytes noch ESET was gefunden. (Wie gesagt, ich erhalte auch keine Meldungen mehr von Avira und der PC scheint normal und nicht verlangsamt zu laufen.) Es folgen die angefragten Logs. Malwarebytes - Full-Scan von heute: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.16.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: NOTEBOOK [Administrator] 16.08.2012 14:25:47 mbam-log-2012-08-16 (14-25-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359377 Laufzeit: 1 Stunde(n), 46 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.12.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: NOTEBOOK [Administrator] 13.08.2012 10:07:36 mbam-log-2012-08-13 (10-07-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 190467 Laufzeit: 6 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) [beim nächsten Scan siehe Log von soeben wurden nur noch zwei Trojaner gefunden; vllt. zwei entfernt von Avira?!] ESET-Log von heute Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8db45aeec86d7543a3b2c914c3114340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-16 04:30:31
# local_time=2012-08-16 06:30:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 26292474 26292474 0 0
# compatibility_mode=5892 16776637 100 100 165573 182660387 0 0
# compatibility_mode=8192 67108863 100 0 535 535 0 0
# scanned=175866
# found=0
# cleaned=0
# scan_time=6972
|
|
17.08.2012, 16:50
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
17.08.2012, 18:55
| #5 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Hier der Log. AdwCleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/17/2012 at 19:52:48
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Partner
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\prefs.js
Found : user_pref("extensions.smarterwiki.search_surfcanyon", false);
Profile name : Entwickler
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\czzssl4z.Entwickler\prefs.js
[OK] File is clean.
-\\ Opera v11.51.1087.0
File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2082 octets] - [17/08/2012 19:52:48]
########## EOF - C:\AdwCleaner[R1].txt - [2210 octets] ##########
|
|
18.08.2012, 11:36
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ --> TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe |
|
19.08.2012, 10:00
| #7 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe AdwCleaner-Log: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/19/2012 at 10:48:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Markus - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Partner
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\prefs.js
Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);
Profile name : Entwickler
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\czzssl4z.Entwickler\prefs.js
[OK] File is clean.
-\\ Opera v11.51.1087.0
File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2211 octets] - [17/08/2012 19:52:48]
AdwCleaner[S1].txt - [2170 octets] - [19/08/2012 10:48:04]
########## EOF - C:\AdwCleaner[S1].txt - [2298 octets] ##########
Also, soweit ich das sehe, vermisse ich nix im Startmenü, das einzige an vllt. Relevantem, was mir aufgefallen ist, ist ein leerer Ordner "Autostart", aber der war vllt. vorher auch schon leer. Der normale Modus von Windows funktioniert weiterhin wie eh schon die ganze Zeit.  |
|
20.08.2012, 17:10
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
21.08.2012, 11:26
| #9 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Bitteschön! Code:
ATTFilter OTL logfile created on: 21.08.2012 12:02:00 - Run 2 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,37 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 61,35% Memory free 4,98 Gb Paging File | 3,81 Gb Available in Paging File | 76,44% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,65 Gb Total Space | 75,22 Gb Free Space | 52,73% Space Free | Partition Type: NTFS Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.21 12:00:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.08.20 11:30:52 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012.08.13 10:05:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.08.13 10:05:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.08.13 10:05:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.08.13 10:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.12.17 08:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.09.19 05:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (No Company Name) ========== MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll MOD - [2011.07.28 22:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2010.01.03 19:28:02 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll MOD - [2010.01.03 19:28:02 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll MOD - [2010.01.03 19:28:02 | 000,012,936 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll MOD - [2010.01.03 19:28:00 | 000,018,056 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll MOD - [2010.01.03 19:28:00 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll MOD - [2010.01.03 19:28:00 | 000,013,960 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll MOD - [2010.01.03 19:28:00 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll MOD - [2010.01.03 19:28:00 | 000,010,376 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll MOD - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe MOD - [2010.01.03 19:27:58 | 000,011,912 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service) SRV - [2012.08.13 10:05:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.08.13 10:05:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.09 12:04:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 18:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.09.22 18:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2012.08.13 10:05:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.08.13 10:05:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.01.07 23:46:28 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 11:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 11:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 21:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.05.28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.03 15:05:36 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP) DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE366 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE366&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms} IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{F7103568-793E-4058-8BEA-7762A862D1DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE366 IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M] [2010.06.08 16:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2012.08.19 10:48:14 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions [2012.04.29 12:30:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000..\Run: [StrokeIt] C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0 O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24B3E122-C6A0-4BA5-87B6-4D097E6230A1}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.17 11:51:01 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\vllg_data [2012.08.17 11:45:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hmne_data [2012.08.16 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.08.16 16:22:56 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.08.12 20:06:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.12 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.08.12 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.12 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.12 19:59:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.12 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ ========== Files - Modified Within 30 Days ========== [2012.08.21 12:00:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.21 11:57:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.21 11:57:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.21 11:57:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.21 11:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.21 11:56:47 | 2546,290,688 | -HS- | M] () -- C:\hiberfil.sys [2012.08.21 11:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.20 14:11:51 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk [2012.08.17 20:31:57 | 003,169,576 | ---- | M] () -- C:\Users\***\Documents\Trte.wav [2012.08.17 19:52:37 | 000,618,227 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.08.17 11:51:01 | 000,002,219 | ---- | M] () -- C:\Users\***\Documents\vllg.aup [2012.08.17 11:45:02 | 000,001,340 | ---- | M] () -- C:\Users\***\Documents\Hmne.aup [2012.08.17 11:17:39 | 004,809,942 | ---- | M] () -- C:\Users\***\Documents\Hmne.wav [2012.08.16 16:25:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.08.15 15:57:21 | 000,001,367 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2012.08.15 11:41:00 | 000,330,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.13 10:05:11 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.08.13 10:05:11 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.08.12 20:21:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.08.12 20:07:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\04d9n2x1.exe [2012.08.12 20:06:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.12 19:59:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.07 12:08:02 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk [2012.08.05 11:54:31 | 000,000,868 | ---- | M] () -- C:\Users\***\Desktop\Notepad++.lnk [2012.08.04 12:37:10 | 000,002,673 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.07.31 17:22:34 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk ========== Files Created - No Company Name ========== [2012.08.17 20:31:57 | 003,169,576 | ---- | C] () -- C:\Users\***\Documents\Trte.wav [2012.08.17 19:52:25 | 000,618,227 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.08.17 11:51:01 | 000,002,219 | ---- | C] () -- C:\Users\***\Documents\vllg.aup [2012.08.17 11:45:02 | 000,001,340 | ---- | C] () -- C:\Users\***\Documents\Hmne.aup [2012.08.17 11:17:38 | 004,809,942 | ---- | C] () -- C:\Users\***\Documents\Hmne.wav [2012.08.15 15:57:21 | 000,001,367 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.08.12 20:21:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.12 20:07:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\04d9n2x1.exe [2012.08.12 20:06:13 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.08.12 19:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.11 13:47:26 | 000,001,712 | ---- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@ [2012.08.05 11:54:31 | 000,000,868 | ---- | C] () -- C:\Users\***\Desktop\Notepad++.lnk [2012.06.13 19:32:33 | 000,000,054 | ---- | C] () -- C:\Windows\WELTALL.INI [2012.01.11 20:19:34 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@ [2011.10.07 17:39:58 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2011.09.18 15:30:51 | 000,000,306 | ---- | C] () -- C:\Windows\FANGT.INI [2011.08.01 10:21:01 | 000,000,116 | -H-- | C] () -- C:\Users\***\kvirc4.ini [2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.07.03 11:51:31 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini [2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.06.01 14:10:25 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.05.08 20:05:27 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.05.08 20:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREU1.DLL [2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREL1.DLL [2010.12.27 11:11:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010.12.25 22:19:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.25 22:19:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.11.28 12:41:18 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\EasyToolz.ini [2010.10.03 12:57:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\tkcon.hst [2010.03.08 19:53:38 | 000,008,512 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.02.14 19:31:07 | 000,000,736 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.02.09 14:54:04 | 000,014,336 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm [2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM [2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story [2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games [2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF [2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand [2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks [2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView [2012.08.21 11:55:54 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console [2011.04.11 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm [2010.02.08 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2011.10.17 09:07:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2010.02.09 09:51:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2010.02.09 11:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google [2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.02.08 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2010.02.08 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM [2012.08.21 10:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story [2012.08.12 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.08.19 09:57:33 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2010.06.08 16:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games [2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema [2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF [2010.04.01 10:39:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real [2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand [2010.11.25 18:26:45 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM [2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA [2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks [2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.06.17 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR [2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2010.12.25 22:26:26 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\***\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe < %SYSTEMDRIVE%\*.exe > [2001.11.09 17:58:38 | 000,131,072 | ---- | M] (Hard & Software) -- C:\PixLin.exe [2012.06.14 20:57:45 | 000,589,824 | ---- | M] (Samsung Printer) -- C:\SP_Connector.exe < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Users\***\Weitere Daten\XP Sicherung\I386\sp2.cab:AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Acer\Preload\Autorun\DRV\ATIVGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys [2008.09.10 22:07:48 | 000,182,288 | ---- | M] (AMD Technologies Inc.) MD5=6F1565AD2C46A5BC20107A4626E9A340 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_38fe8913\ahcix86s.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Users\***\Weitere Daten\XP Sicherung\I386\sp2.cab:atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Code:
ATTFilter Typ: Datei
Quelle: C:\Users\Markus\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@
Status: Infiziert
Quarantäne-Objekt: 5537d8bb.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.132
Virendefinitionsdatei: 7.11.40.06
Meldung: BDS/ZAccess.V
Datum/Uhrzeit: 21.08.2012, 13:32
Die Avira-Meldung stammt aus der gleichen Sitzung wie der obige OTL-CustomScan. Habe während des Scans natürlich nix am Computer gemacht, aber das OTL-Fenster erst später geschlossen, dabei zeitliche Nähe zu besagter Avira-Meldung. Könnte es evtl. sein, dass OTL das "aufgedeckt" hat? Nach einem Reboot startete Avira erst recht spät, Windows meldete zwischendurch, der Virenscanner sei aus. Ich wollte manuell aktivieren und bekam eine Windows-Meldung, ob das Programm den vertrauenswürdig sei und ich fortfahren wolle; habe das erstmal gelassen; Problem löste sich kurzerhand anscheinend von selbst, in dem auch der Scanner dann endlich startete und das Sicherheitscenter keine solchen Probleme mehr meldete. Habe zudem auch gleich einen Quick-Scan mit Malwarebytes gemacht: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.21.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Markus :: NOTEBOOK [Administrator] 21.08.2012 13:52:26 mbam-log-2012-08-21 (13-52-26).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 191337 Laufzeit: 4 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
21.08.2012, 13:54
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
SRV - File not found [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup] File not found
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\L
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@
C:\Users\***\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
21.08.2012, 17:31
| #11 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Vielen Dank für deine Antwort und das Script. Ich hoffe, du hast auch mein Edit oben zur Kenntnis genommen (der Abschnitt ab "Avira hat neue Malware gefunden"), da deine Antwort sehr prompt nach dem Edit kam. Code:
ATTFilter All processes killed
========== OTL ==========
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
File C:\ProgramData\Partner\partner.exe not found.
Registry key HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMorePrograms deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\L folder moved successfully.
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U folder moved successfully.
File\Folder C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n not found.
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@ moved successfully.
C:\Users\***\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 21204382 bytes
->Temporary Internet Files folder emptied: 1523712 bytes
->Java cache emptied: 28339400 bytes
->FireFox cache emptied: 61198178 bytes
->Opera cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54872 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 107,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ***
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.58.1 log created on 08212012_182204
Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\versaleszett.zip not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Wie auch immer, dir noch einen erholsamen Urlaub. |
|
30.08.2012, 12:20
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
31.08.2012, 15:00
| #13 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Willkommen zurück! Log Code:
ATTFilter 15:52:18.0363 5576 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:52:18.0426 5576 ============================================================
15:52:18.0426 5576 Current date / time: 2012/08/31 15:52:18.0426
15:52:18.0426 5576 SystemInfo:
15:52:18.0426 5576
15:52:18.0426 5576 OS Version: 6.0.6002 ServicePack: 2.0
15:52:18.0426 5576 Product type: Workstation
15:52:18.0426 5576 ComputerName: NOTEBOOK
15:52:18.0426 5576 UserName: ***
15:52:18.0426 5576 Windows directory: C:\Windows
15:52:18.0426 5576 System windows directory: C:\Windows
15:52:18.0426 5576 Processor architecture: Intel x86
15:52:18.0426 5576 Number of processors: 2
15:52:18.0426 5576 Page size: 0x1000
15:52:18.0426 5576 Boot type: Normal boot
15:52:18.0426 5576 ============================================================
15:52:19.0939 5576 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:52:19.0939 5576 ============================================================
15:52:19.0939 5576 \Device\Harddisk0\DR0:
15:52:19.0939 5576 MBR partitions:
15:52:19.0939 5576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x11D4D000
15:52:19.0939 5576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x130D5800, BlocksNum 0x11D58800
15:52:19.0939 5576 ============================================================
15:52:19.0970 5576 C: <-> \Device\Harddisk0\DR0\Partition1
15:52:20.0017 5576 D: <-> \Device\Harddisk0\DR0\Partition2
15:52:20.0017 5576 ============================================================
15:52:20.0017 5576 Initialize success
15:52:20.0017 5576 ============================================================
15:53:56.0050 4940 ============================================================
15:53:56.0050 4940 Scan started
15:53:56.0050 4940 Mode: Manual; SigCheck; TDLFS;
15:53:56.0050 4940 ============================================================
15:53:59.0202 4940 ================ Scan services =============================
15:53:59.0498 4940 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:53:59.0654 4940 ACPI - ok
15:53:59.0779 4940 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:53:59.0810 4940 AdobeARMservice - ok
15:53:59.0872 4940 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:53:59.0904 4940 adp94xx - ok
15:53:59.0950 4940 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:53:59.0997 4940 adpahci - ok
15:54:00.0044 4940 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:54:00.0060 4940 adpu160m - ok
15:54:00.0075 4940 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:54:00.0091 4940 adpu320 - ok
15:54:00.0138 4940 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:54:00.0200 4940 AeLookupSvc - ok
15:54:00.0247 4940 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:54:00.0294 4940 AFD - ok
15:54:00.0325 4940 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:54:00.0340 4940 agp440 - ok
15:54:00.0387 4940 [ 03081E98C515CB838434D252F407F6E8 ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys
15:54:00.0418 4940 ahcix86s - ok
15:54:00.0434 4940 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:54:00.0450 4940 aic78xx - ok
15:54:00.0481 4940 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:54:00.0543 4940 ALG - ok
15:54:00.0559 4940 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:54:00.0574 4940 aliide - ok
15:54:00.0652 4940 ALSysIO - ok
15:54:00.0699 4940 [ FF794EC143F166349B49CF13507311D2 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:54:00.0855 4940 AMD External Events Utility - ok
15:54:00.0918 4940 AMD FUEL Service - ok
15:54:00.0964 4940 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:54:00.0980 4940 amdagp - ok
15:54:00.0996 4940 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:54:01.0011 4940 amdide - ok
15:54:01.0042 4940 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
15:54:01.0042 4940 amdiox86 - ok
15:54:01.0074 4940 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:54:01.0120 4940 AmdK7 - ok
15:54:01.0136 4940 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:54:01.0167 4940 AmdK8 - ok
15:54:01.0495 4940 [ 68D791D78454684340433E52059EB45E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:01.0869 4940 amdkmdag - ok
15:54:01.0947 4940 [ 96CD7053A516C30E61A05DF9757DA7DE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:54:01.0994 4940 amdkmdap - ok
15:54:02.0072 4940 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\Windows\system32\DRIVERS\AmdLLD.sys
15:54:02.0103 4940 AmdLLD - ok
15:54:02.0181 4940 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:02.0212 4940 AntiVirSchedulerService - ok
15:54:02.0259 4940 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:02.0275 4940 AntiVirService - ok
15:54:02.0322 4940 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:54:02.0353 4940 Appinfo - ok
15:54:02.0384 4940 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:54:02.0400 4940 arc - ok
15:54:02.0431 4940 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:54:02.0446 4940 arcsas - ok
15:54:02.0493 4940 [ E54E27976E2C5A6465D44C10B1D87AC0 ] ASPI C:\Windows\System32\DRIVERS\ASPI32.sys
15:54:02.0524 4940 ASPI ( UnsignedFile.Multi.Generic ) - warning
15:54:02.0524 4940 ASPI - detected UnsignedFile.Multi.Generic (1)
15:54:02.0634 4940 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:54:02.0649 4940 aspnet_state - ok
15:54:02.0743 4940 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:02.0790 4940 AsyncMac - ok
15:54:02.0821 4940 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
15:54:02.0852 4940 atapi - ok
15:54:03.0086 4940 [ D59E7A5DAA08C91172E95B4F1CA6D8C3 ] athr C:\Windows\system32\DRIVERS\athr.sys
15:54:03.0258 4940 athr - ok
15:54:03.0741 4940 [ 68D791D78454684340433E52059EB45E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:04.0100 4940 atikmdag - ok
15:54:04.0194 4940 [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
15:54:04.0194 4940 AtiPcie - ok
15:54:04.0303 4940 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:54:04.0334 4940 AudioEndpointBuilder - ok
15:54:04.0350 4940 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:54:04.0365 4940 Audiosrv - ok
15:54:04.0443 4940 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:54:04.0459 4940 avgntflt - ok
15:54:04.0521 4940 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:54:04.0537 4940 avipbb - ok
15:54:04.0584 4940 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:54:04.0599 4940 avkmgr - ok
15:54:04.0693 4940 [ 6FB43F0DADB3FDC287D080C19666AF8D ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:54:04.0755 4940 b57nd60x - ok
15:54:04.0802 4940 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:54:04.0833 4940 Beep - ok
15:54:04.0880 4940 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:54:04.0927 4940 BFE - ok
15:54:04.0989 4940 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
15:54:05.0052 4940 BITS - ok
15:54:05.0083 4940 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:54:05.0114 4940 blbdrive - ok
15:54:05.0145 4940 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:54:05.0176 4940 bowser - ok
15:54:05.0223 4940 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:54:05.0286 4940 BrFiltLo - ok
15:54:05.0301 4940 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:54:05.0332 4940 BrFiltUp - ok
15:54:05.0364 4940 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:54:05.0410 4940 Browser - ok
15:54:05.0426 4940 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:54:05.0488 4940 Brserid - ok
15:54:05.0551 4940 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:54:05.0613 4940 BrSerWdm - ok
15:54:05.0660 4940 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:54:05.0754 4940 BrUsbMdm - ok
15:54:05.0800 4940 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:54:05.0894 4940 BrUsbSer - ok
15:54:05.0972 4940 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:54:06.0034 4940 BTHMODEM - ok
15:54:06.0097 4940 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
15:54:06.0097 4940 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
15:54:06.0097 4940 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
15:54:06.0128 4940 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:54:06.0175 4940 cdfs - ok
15:54:06.0206 4940 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:54:06.0268 4940 cdrom - ok
15:54:06.0315 4940 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:54:06.0346 4940 CertPropSvc - ok
15:54:06.0378 4940 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
15:54:06.0409 4940 circlass - ok
15:54:06.0471 4940 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:54:06.0487 4940 CLFS - ok
15:54:06.0658 4940 [ 8B67044AE0621C005245EF62EEF0746F ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
15:54:06.0690 4940 CLHNService ( UnsignedFile.Multi.Generic ) - warning
15:54:06.0690 4940 CLHNService - detected UnsignedFile.Multi.Generic (1)
15:54:06.0721 4940 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:06.0736 4940 clr_optimization_v2.0.50727_32 - ok
15:54:06.0783 4940 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:06.0799 4940 clr_optimization_v4.0.30319_32 - ok
15:54:06.0830 4940 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:54:06.0877 4940 CmBatt - ok
15:54:06.0892 4940 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:54:06.0924 4940 cmdide - ok
15:54:06.0970 4940 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:54:06.0986 4940 Compbatt - ok
15:54:07.0002 4940 COMSysApp - ok
15:54:07.0048 4940 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x32.sys
15:54:07.0064 4940 cpuz135 - ok
15:54:07.0064 4940 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:54:07.0080 4940 crcdisk - ok
15:54:07.0095 4940 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:54:07.0142 4940 Crusoe - ok
15:54:07.0173 4940 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:54:07.0204 4940 CryptSvc - ok
15:54:07.0423 4940 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:54:07.0485 4940 DcomLaunch - ok
15:54:07.0532 4940 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:54:07.0563 4940 DfsC - ok
15:54:07.0641 4940 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
15:54:07.0797 4940 DFSR - ok
15:54:07.0828 4940 DgiVecp - ok
15:54:07.0875 4940 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:54:07.0922 4940 Dhcp - ok
15:54:07.0969 4940 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
15:54:07.0984 4940 disk - ok
15:54:08.0047 4940 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
15:54:08.0062 4940 DKbFltr - ok
15:54:08.0109 4940 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:54:08.0140 4940 Dnscache - ok
15:54:08.0203 4940 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:54:08.0234 4940 dot3svc - ok
15:54:08.0281 4940 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:54:08.0312 4940 DPS - ok
15:54:08.0374 4940 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:54:08.0421 4940 drmkaud - ok
15:54:08.0562 4940 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:54:08.0608 4940 DXGKrnl - ok
15:54:08.0655 4940 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:54:08.0733 4940 E1G60 - ok
15:54:08.0780 4940 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:54:08.0827 4940 EapHost - ok
15:54:08.0889 4940 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:54:08.0983 4940 Ecache - ok
15:54:09.0154 4940 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
15:54:09.0186 4940 eDataSecurity Service - ok
15:54:09.0388 4940 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:54:09.0466 4940 ehRecvr - ok
15:54:09.0498 4940 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
15:54:09.0560 4940 ehSched - ok
15:54:09.0622 4940 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
15:54:09.0700 4940 ehstart - ok
15:54:09.0732 4940 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:54:09.0763 4940 elxstor - ok
15:54:09.0872 4940 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:54:09.0919 4940 EMDMgmt - ok
15:54:09.0981 4940 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:54:10.0028 4940 ErrDev - ok
15:54:10.0090 4940 [ F25247D0E011A643EE60052CE23BE05E ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
15:54:10.0106 4940 ETService ( UnsignedFile.Multi.Generic ) - warning
15:54:10.0106 4940 ETService - detected UnsignedFile.Multi.Generic (1)
15:54:10.0153 4940 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
15:54:10.0184 4940 EventSystem - ok
15:54:10.0231 4940 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
15:54:10.0262 4940 exfat - ok
15:54:10.0293 4940 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:54:10.0340 4940 fastfat - ok
15:54:10.0371 4940 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:54:10.0434 4940 fdc - ok
15:54:10.0465 4940 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:54:10.0496 4940 fdPHost - ok
15:54:10.0512 4940 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:54:10.0574 4940 FDResPub - ok
15:54:10.0590 4940 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:54:10.0605 4940 FileInfo - ok
15:54:10.0636 4940 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:54:10.0699 4940 Filetrace - ok
15:54:10.0730 4940 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:54:10.0808 4940 flpydisk - ok
15:54:10.0870 4940 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:54:10.0886 4940 FltMgr - ok
15:54:10.0964 4940 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
15:54:11.0104 4940 FontCache - ok
15:54:11.0370 4940 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:54:11.0385 4940 FontCache3.0.0.0 - ok
15:54:11.0448 4940 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
15:54:11.0463 4940 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
15:54:11.0463 4940 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
15:54:11.0510 4940 [ 346086A99E6347C11E20D3FCBAEEAB77 ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
15:54:11.0526 4940 FsUsbExService - ok
15:54:11.0572 4940 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:54:11.0604 4940 Fs_Rec - ok
15:54:11.0635 4940 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:54:11.0650 4940 gagp30kx - ok
15:54:12.0025 4940 [ F0187E45268E86AAAA932CBD9087BEA8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:54:12.0025 4940 GoogleDesktopManager-110309-193829 - ok
15:54:12.0290 4940 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:54:12.0337 4940 gpsvc - ok
15:54:12.0493 4940 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:12.0508 4940 gupdate - ok
15:54:12.0540 4940 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:12.0540 4940 gupdatem - ok
15:54:12.0618 4940 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:54:12.0680 4940 HdAudAddService - ok
15:54:12.0836 4940 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:54:12.0945 4940 HDAudBus - ok
15:54:12.0992 4940 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:54:13.0054 4940 HidBth - ok
15:54:13.0117 4940 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:54:13.0179 4940 HidIr - ok
15:54:13.0226 4940 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
15:54:13.0273 4940 hidserv - ok
15:54:13.0304 4940 [ 7F7E5E98CEFED8A10F7E56810EA7B6DF ] hidshim C:\Windows\system32\DRIVERS\hidshim.sys
15:54:13.0335 4940 hidshim - ok
15:54:13.0382 4940 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:54:13.0429 4940 HidUsb - ok
15:54:13.0444 4940 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:54:13.0507 4940 hkmsvc - ok
15:54:13.0569 4940 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:54:13.0585 4940 HpCISSs - ok
15:54:13.0632 4940 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:54:13.0678 4940 HSFHWAZL - ok
15:54:13.0928 4940 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:54:14.0022 4940 HSF_DPV - ok
15:54:14.0068 4940 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:54:14.0100 4940 HSXHWAZL - ok
15:54:14.0162 4940 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:54:14.0224 4940 HTTP - ok
15:54:14.0256 4940 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:54:14.0302 4940 i2omp - ok
15:54:14.0334 4940 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:54:14.0380 4940 i8042prt - ok
15:54:14.0521 4940 [ 8318E04A6455CED1020BCC5039B62CFA ] ialm C:\Windows\system32\DRIVERS\ialmnt5.sys
15:54:14.0692 4940 ialm - ok
15:54:14.0880 4940 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:54:14.0942 4940 iaStorV - ok
15:54:15.0036 4940 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:54:15.0114 4940 idsvc - ok
15:54:15.0145 4940 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:54:15.0160 4940 iirsp - ok
15:54:15.0285 4940 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:54:15.0332 4940 IKEEXT - ok
15:54:15.0410 4940 [ 58FF11C95C3681C9250914521CB9F036 ] int15 C:\Windows\system32\drivers\int15.sys
15:54:15.0457 4940 int15 - ok
15:54:15.0582 4940 [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:54:15.0784 4940 IntcAzAudAddService - ok
15:54:15.0816 4940 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
15:54:15.0831 4940 intelide - ok
15:54:15.0862 4940 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:54:15.0894 4940 intelppm - ok
15:54:15.0925 4940 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:54:15.0987 4940 IPBusEnum - ok
15:54:16.0018 4940 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:54:16.0050 4940 IpFilterDriver - ok
15:54:16.0081 4940 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:54:16.0128 4940 iphlpsvc - ok
15:54:16.0128 4940 IpInIp - ok
15:54:16.0143 4940 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:54:16.0190 4940 IPMIDRV - ok
15:54:16.0252 4940 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:54:16.0284 4940 IPNAT - ok
15:54:16.0330 4940 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
15:54:16.0362 4940 irda - ok
15:54:16.0393 4940 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:54:16.0424 4940 IRENUM - ok
15:54:16.0486 4940 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
15:54:16.0611 4940 Irmon - ok
15:54:16.0627 4940 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:54:16.0674 4940 isapnp - ok
15:54:16.0720 4940 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:54:16.0736 4940 iScsiPrt - ok
15:54:16.0783 4940 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:54:16.0798 4940 iteatapi - ok
15:54:16.0861 4940 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:54:16.0892 4940 iteraid - ok
15:54:16.0908 4940 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:54:16.0923 4940 kbdclass - ok
15:54:16.0986 4940 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:54:17.0064 4940 kbdhid - ok
15:54:17.0110 4940 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:54:17.0157 4940 KeyIso - ok
15:54:17.0282 4940 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:54:17.0360 4940 KSecDD - ok
15:54:17.0469 4940 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:54:17.0594 4940 KtmRm - ok
15:54:17.0688 4940 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
15:54:17.0766 4940 LanmanServer - ok
15:54:17.0812 4940 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:54:17.0859 4940 LanmanWorkstation - ok
15:54:17.0922 4940 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:54:17.0968 4940 lltdio - ok
15:54:18.0015 4940 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:54:18.0093 4940 lltdsvc - ok
15:54:18.0140 4940 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:54:18.0187 4940 lmhosts - ok
15:54:18.0234 4940 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:54:18.0249 4940 LSI_FC - ok
15:54:18.0296 4940 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:54:18.0312 4940 LSI_SAS - ok
15:54:18.0405 4940 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:54:18.0421 4940 LSI_SCSI - ok
15:54:18.0436 4940 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:54:18.0483 4940 luafv - ok
15:54:18.0546 4940 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:54:18.0608 4940 Mcx2Svc - ok
15:54:18.0639 4940 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:54:18.0655 4940 mdmxsdk - ok
15:54:18.0702 4940 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
15:54:18.0717 4940 megasas - ok
15:54:18.0733 4940 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
15:54:18.0764 4940 MegaSR - ok
15:54:18.0795 4940 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:54:18.0873 4940 MMCSS - ok
15:54:18.0936 4940 MobilityService - ok
15:54:18.0967 4940 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:54:19.0029 4940 Modem - ok
15:54:19.0045 4940 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:54:19.0092 4940 monitor - ok
15:54:19.0107 4940 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:54:19.0123 4940 mouclass - ok
15:54:19.0154 4940 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:54:19.0201 4940 mouhid - ok
15:54:19.0232 4940 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:54:19.0279 4940 MountMgr - ok
15:54:19.0357 4940 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:54:19.0372 4940 MozillaMaintenance - ok
15:54:19.0419 4940 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
15:54:19.0435 4940 mpio - ok
15:54:19.0466 4940 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:54:19.0497 4940 mpsdrv - ok
15:54:19.0606 4940 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
15:54:19.0669 4940 MpsSvc - ok
15:54:19.0747 4940 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:54:19.0762 4940 Mraid35x - ok
15:54:19.0794 4940 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:54:19.0825 4940 MRxDAV - ok
15:54:19.0918 4940 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:54:20.0012 4940 mrxsmb - ok
15:54:20.0106 4940 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:54:20.0121 4940 mrxsmb10 - ok
15:54:20.0199 4940 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:54:20.0277 4940 mrxsmb20 - ok
15:54:20.0308 4940 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
15:54:20.0324 4940 msahci - ok
15:54:20.0340 4940 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:54:20.0355 4940 msdsm - ok
15:54:20.0386 4940 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:54:20.0418 4940 MSDTC - ok
15:54:20.0464 4940 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:54:20.0527 4940 Msfs - ok
15:54:20.0558 4940 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:54:20.0574 4940 msisadrv - ok
15:54:20.0605 4940 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:54:20.0698 4940 MSiSCSI - ok
15:54:20.0714 4940 msiserver - ok
15:54:20.0730 4940 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:54:20.0761 4940 MSKSSRV - ok
15:54:20.0761 4940 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:54:20.0792 4940 MSPCLOCK - ok
15:54:20.0808 4940 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:54:20.0854 4940 MSPQM - ok
15:54:20.0932 4940 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:54:20.0948 4940 MsRPC - ok
15:54:21.0026 4940 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:54:21.0026 4940 mssmbios - ok
15:54:21.0135 4940 MSSQL$SQLEXPRESS - ok
15:54:21.0198 4940 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:54:21.0213 4940 MSSQLServerADHelper100 - ok
15:54:21.0244 4940 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:54:21.0276 4940 MSTEE - ok
15:54:21.0307 4940 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:54:21.0322 4940 Mup - ok
15:54:21.0385 4940 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:54:21.0432 4940 napagent - ok
15:54:21.0494 4940 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:54:21.0510 4940 NativeWifiP - ok
15:54:21.0572 4940 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:54:21.0603 4940 NDIS - ok
15:54:21.0634 4940 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:54:21.0666 4940 NdisTapi - ok
15:54:21.0697 4940 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:54:21.0744 4940 Ndisuio - ok
15:54:21.0790 4940 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:54:21.0822 4940 NdisWan - ok
15:54:21.0837 4940 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:54:21.0853 4940 NDProxy - ok
15:54:21.0868 4940 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:54:21.0900 4940 NetBIOS - ok
15:54:21.0946 4940 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:54:21.0993 4940 netbt - ok
15:54:22.0009 4940 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:54:22.0024 4940 Netlogon - ok
15:54:22.0056 4940 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:54:22.0102 4940 Netman - ok
15:54:22.0165 4940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0274 4940 NetMsmqActivator - ok
15:54:22.0290 4940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0305 4940 NetPipeActivator - ok
15:54:22.0321 4940 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:54:22.0368 4940 netprofm - ok
15:54:22.0368 4940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0383 4940 NetTcpActivator - ok
15:54:22.0399 4940 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0414 4940 NetTcpPortSharing - ok
15:54:22.0446 4940 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:54:22.0461 4940 nfrd960 - ok
15:54:22.0492 4940 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:54:22.0524 4940 NlaSvc - ok
15:54:22.0570 4940 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:54:22.0602 4940 Npfs - ok
15:54:22.0664 4940 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
15:54:22.0695 4940 NSCIRDA - ok
15:54:22.0742 4940 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:54:22.0820 4940 nsi - ok
15:54:22.0851 4940 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:54:22.0914 4940 nsiproxy - ok
15:54:22.0976 4940 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:54:23.0070 4940 Ntfs - ok
15:54:23.0101 4940 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:54:23.0116 4940 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
15:54:23.0116 4940 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
15:54:23.0163 4940 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:54:23.0179 4940 NTIDrvr - ok
15:54:23.0210 4940 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:54:23.0226 4940 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
15:54:23.0226 4940 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
15:54:23.0257 4940 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:54:23.0304 4940 ntrigdigi - ok
15:54:23.0335 4940 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:54:23.0382 4940 Null - ok
15:54:23.0413 4940 [ 85D8845B7B6A434B7CE35723BF0E5C57 ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
15:54:23.0444 4940 nuvotonhidgeneric - ok
15:54:23.0491 4940 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:54:23.0506 4940 nvraid - ok
15:54:23.0553 4940 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:54:23.0569 4940 nvstor - ok
15:54:23.0616 4940 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:54:23.0631 4940 nv_agp - ok
15:54:23.0647 4940 NwlnkFlt - ok
15:54:23.0647 4940 NwlnkFwd - ok
15:54:23.0772 4940 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:54:23.0803 4940 odserv - ok
15:54:23.0834 4940 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:54:23.0881 4940 ohci1394 - ok
15:54:23.0912 4940 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:23.0928 4940 ose - ok
15:54:24.0052 4940 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:54:24.0130 4940 p2pimsvc - ok
15:54:24.0146 4940 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:54:24.0177 4940 p2psvc - ok
15:54:24.0224 4940 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:54:24.0286 4940 Parport - ok
15:54:24.0333 4940 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:54:24.0349 4940 partmgr - ok
15:54:24.0380 4940 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:54:24.0442 4940 Parvdm - ok
15:54:24.0489 4940 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:54:24.0536 4940 PcaSvc - ok
15:54:24.0583 4940 [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:54:24.0630 4940 pccsmcfd - ok
15:54:24.0645 4940 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:54:24.0661 4940 pci - ok
15:54:24.0723 4940 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
15:54:24.0739 4940 pciide - ok
15:54:24.0817 4940 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:54:24.0832 4940 pcmcia - ok
15:54:24.0895 4940 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:54:24.0988 4940 PEAUTH - ok
15:54:25.0082 4940 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:54:25.0238 4940 pla - ok
15:54:25.0300 4940 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:54:25.0378 4940 PlugPlay - ok
15:54:25.0425 4940 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:54:25.0456 4940 PNRPAutoReg - ok
15:54:25.0519 4940 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:54:25.0550 4940 PNRPsvc - ok
15:54:25.0628 4940 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:54:25.0690 4940 PolicyAgent - ok
15:54:25.0753 4940 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:54:25.0800 4940 PptpMiniport - ok
15:54:25.0831 4940 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:54:25.0862 4940 Processor - ok
15:54:25.0924 4940 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:54:25.0956 4940 ProfSvc - ok
15:54:25.0987 4940 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:54:26.0002 4940 ProtectedStorage - ok
15:54:26.0034 4940 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:54:26.0065 4940 PSched - ok
15:54:26.0080 4940 [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
15:54:26.0096 4940 PSDFilter - ok
15:54:26.0143 4940 [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
15:54:26.0158 4940 PSDNServ - ok
15:54:26.0221 4940 [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
15:54:26.0236 4940 psdvdisk - ok
15:54:26.0314 4940 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:54:26.0408 4940 ql2300 - ok
15:54:26.0470 4940 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:54:26.0486 4940 ql40xx - ok
15:54:26.0533 4940 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:54:26.0564 4940 QWAVE - ok
15:54:26.0595 4940 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:54:26.0611 4940 QWAVEdrv - ok
15:54:26.0658 4940 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:54:26.0704 4940 RasAcd - ok
15:54:26.0736 4940 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:54:26.0767 4940 RasAuto - ok
15:54:26.0814 4940 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:54:26.0845 4940 Rasl2tp - ok
15:54:26.0876 4940 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:54:26.0938 4940 RasMan - ok
15:54:26.0970 4940 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:54:27.0001 4940 RasPppoe - ok
15:54:27.0032 4940 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:54:27.0048 4940 RasSstp - ok
15:54:27.0110 4940 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:54:27.0141 4940 rdbss - ok
15:54:27.0204 4940 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:54:27.0235 4940 RDPCDD - ok
15:54:27.0282 4940 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:54:27.0328 4940 rdpdr - ok
15:54:27.0360 4940 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:54:27.0406 4940 RDPENCDD - ok
15:54:27.0438 4940 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:54:27.0484 4940 RDPWD - ok
15:54:27.0531 4940 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:54:27.0562 4940 RemoteAccess - ok
15:54:27.0594 4940 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:54:27.0609 4940 RemoteRegistry - ok
15:54:27.0656 4940 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:54:27.0672 4940 RpcLocator - ok
15:54:27.0718 4940 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:54:27.0765 4940 RpcSs - ok
15:54:27.0843 4940 [ 6A7360E36CBD636972AEEF0DD292A946 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
15:54:27.0874 4940 RsFx0105 - ok
15:54:27.0906 4940 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:54:27.0952 4940 rspndr - ok
15:54:28.0030 4940 [ D3B4872DE758EFA9E0740694C4461421 ] RT25USBAP C:\Windows\system32\DRIVERS\rt25usbap.sys
15:54:28.0077 4940 RT25USBAP ( UnsignedFile.Multi.Generic ) - warning
15:54:28.0077 4940 RT25USBAP - detected UnsignedFile.Multi.Generic (1)
15:54:28.0108 4940 [ 065A51298212455584F1811B033B617E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
15:54:28.0124 4940 RTHDMIAzAudService - ok
15:54:28.0155 4940 [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
15:54:28.0186 4940 RTSTOR - ok
15:54:28.0202 4940 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:54:28.0218 4940 SamSs - ok
15:54:28.0249 4940 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:54:28.0264 4940 sbp2port - ok
15:54:28.0327 4940 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:54:28.0342 4940 SCardSvr - ok
15:54:28.0420 4940 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:54:28.0498 4940 Schedule - ok
15:54:28.0545 4940 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:54:28.0561 4940 SCPolicySvc - ok
15:54:28.0608 4940 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:54:28.0654 4940 sdbus - ok
15:54:28.0701 4940 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:54:28.0732 4940 SDRSVC - ok
15:54:28.0826 4940 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:54:28.0904 4940 secdrv - ok
15:54:28.0935 4940 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:54:28.0982 4940 seclogon - ok
15:54:29.0013 4940 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:54:29.0060 4940 SENS - ok
15:54:29.0091 4940 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:54:29.0169 4940 Serenum - ok
15:54:29.0200 4940 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:54:29.0263 4940 Serial - ok
15:54:29.0325 4940 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:54:29.0356 4940 sermouse - ok
15:54:29.0466 4940 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:54:29.0481 4940 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:54:29.0481 4940 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:54:29.0512 4940 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:54:29.0544 4940 SessionEnv - ok
15:54:29.0590 4940 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:54:29.0622 4940 sffdisk - ok
15:54:29.0668 4940 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:54:29.0715 4940 sffp_mmc - ok
15:54:29.0746 4940 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:54:29.0793 4940 sffp_sd - ok
15:54:29.0809 4940 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:54:29.0871 4940 sfloppy - ok
15:54:29.0934 4940 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:54:29.0996 4940 SharedAccess - ok
15:54:30.0043 4940 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:54:30.0090 4940 ShellHWDetection - ok
15:54:30.0152 4940 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:54:30.0168 4940 sisagp - ok
15:54:30.0199 4940 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:54:30.0230 4940 SiSRaid2 - ok
15:54:30.0277 4940 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:54:30.0292 4940 SiSRaid4 - ok
15:54:30.0417 4940 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:54:30.0636 4940 slsvc - ok
15:54:30.0698 4940 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:54:30.0729 4940 SLUINotify - ok
15:54:30.0760 4940 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:54:30.0807 4940 Smb - ok
15:54:30.0854 4940 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:54:30.0885 4940 SNMPTRAP - ok
15:54:30.0948 4940 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:54:30.0963 4940 spldr - ok
15:54:31.0010 4940 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:54:31.0072 4940 Spooler - ok
15:54:31.0104 4940 [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
15:54:31.0197 4940 SQLAgent$SQLEXPRESS - ok
15:54:31.0275 4940 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:54:31.0291 4940 SQLBrowser - ok
15:54:31.0338 4940 [ 135CDCCC167EF0C250125BBD3ABE18D5 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:54:31.0353 4940 SQLWriter - ok
15:54:31.0400 4940 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:54:31.0431 4940 srv - ok
15:54:31.0494 4940 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:54:31.0509 4940 srv2 - ok
15:54:31.0525 4940 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:54:31.0572 4940 srvnet - ok
15:54:31.0650 4940 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:54:31.0712 4940 SSDPSRV - ok
15:54:31.0759 4940 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:54:31.0790 4940 ssmdrv - ok
15:54:31.0837 4940 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
15:54:31.0868 4940 SSPORT ( UnsignedFile.Multi.Generic ) - warning
15:54:31.0868 4940 SSPORT - detected UnsignedFile.Multi.Generic (1)
15:54:31.0884 4940 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:54:31.0915 4940 SstpSvc - ok
15:54:31.0977 4940 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
15:54:31.0993 4940 ss_bbus - ok
15:54:32.0040 4940 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
15:54:32.0071 4940 ss_bmdfl - ok
15:54:32.0102 4940 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
15:54:32.0118 4940 ss_bmdm - ok
15:54:32.0180 4940 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:54:32.0258 4940 stisvc - ok
15:54:32.0305 4940 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:54:32.0320 4940 swenum - ok
15:54:32.0352 4940 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:54:32.0398 4940 swprv - ok
15:54:32.0430 4940 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:54:32.0445 4940 Symc8xx - ok
15:54:32.0508 4940 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:54:32.0523 4940 Sym_hi - ok
15:54:32.0554 4940 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:54:32.0586 4940 Sym_u3 - ok
15:54:32.0632 4940 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:54:32.0664 4940 SynTP - ok
15:54:32.0742 4940 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:54:32.0804 4940 SysMain - ok
15:54:32.0866 4940 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:54:32.0898 4940 TabletInputService - ok
15:54:32.0944 4940 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:54:32.0976 4940 TapiSrv - ok
15:54:33.0022 4940 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:54:33.0069 4940 TBS - ok
15:54:33.0147 4940 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:54:33.0225 4940 Tcpip - ok
15:54:33.0272 4940 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:54:33.0334 4940 Tcpip6 - ok
15:54:33.0397 4940 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:54:33.0444 4940 tcpipreg - ok
15:54:33.0522 4940 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:54:33.0568 4940 TDPIPE - ok
15:54:33.0615 4940 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:54:33.0646 4940 TDTCP - ok
15:54:33.0709 4940 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:54:33.0756 4940 tdx - ok
15:54:33.0787 4940 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:54:33.0802 4940 TermDD - ok
15:54:33.0849 4940 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:54:33.0896 4940 TermService - ok
15:54:33.0943 4940 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:54:33.0958 4940 Themes - ok
15:54:33.0990 4940 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:54:34.0021 4940 THREADORDER - ok
15:54:34.0083 4940 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:54:34.0146 4940 TrkWks - ok
15:54:34.0192 4940 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:54:34.0239 4940 TrustedInstaller - ok
15:54:34.0302 4940 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:54:34.0333 4940 tssecsrv - ok
15:54:34.0364 4940 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:54:34.0395 4940 tunmp - ok
15:54:34.0458 4940 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:54:34.0489 4940 tunnel - ok
15:54:34.0520 4940 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:54:34.0536 4940 uagp35 - ok
15:54:34.0598 4940 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:54:34.0629 4940 udfs - ok
15:54:34.0676 4940 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:54:34.0723 4940 UI0Detect - ok
15:54:34.0754 4940 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:54:34.0785 4940 uliagpkx - ok
15:54:34.0832 4940 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:54:34.0863 4940 uliahci - ok
15:54:34.0894 4940 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:54:34.0910 4940 UlSata - ok
15:54:34.0957 4940 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:54:34.0988 4940 ulsata2 - ok
15:54:35.0019 4940 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:54:35.0082 4940 umbus - ok
15:54:35.0113 4940 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:54:35.0175 4940 upnphost - ok
15:54:35.0222 4940 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:54:35.0253 4940 usbccgp - ok
15:54:35.0300 4940 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:54:35.0378 4940 usbcir - ok
15:54:35.0409 4940 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:54:35.0456 4940 usbehci - ok
15:54:35.0472 4940 [ EDCA5124B54BCF04E5C0538AA397A9C1 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:54:35.0487 4940 usbfilter - ok
15:54:35.0503 4940 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:54:35.0550 4940 usbhub - ok
15:54:35.0565 4940 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:54:35.0612 4940 usbohci - ok
15:54:35.0643 4940 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:54:35.0768 4940 usbprint - ok
15:54:35.0815 4940 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:54:35.0846 4940 usbscan - ok
15:54:35.0893 4940 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:54:35.0924 4940 USBSTOR - ok
15:54:35.0940 4940 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:54:35.0971 4940 usbuhci - ok
15:54:36.0002 4940 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:54:36.0049 4940 usbvideo - ok
15:54:36.0080 4940 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:54:36.0111 4940 UxSms - ok
15:54:36.0158 4940 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:54:36.0267 4940 vds - ok
15:54:36.0314 4940 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:54:36.0345 4940 vga - ok
15:54:36.0376 4940 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:54:36.0408 4940 VgaSave - ok
15:54:36.0423 4940 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:54:36.0454 4940 viaagp - ok
15:54:36.0486 4940 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:54:36.0517 4940 ViaC7 - ok
15:54:36.0532 4940 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:54:36.0564 4940 viaide - ok
15:54:36.0579 4940 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:54:36.0595 4940 volmgr - ok
15:54:36.0610 4940 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:54:36.0642 4940 volmgrx - ok
15:54:36.0688 4940 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:54:36.0735 4940 volsnap - ok
15:54:36.0751 4940 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:54:36.0766 4940 vsmraid - ok
15:54:36.0922 4940 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:54:37.0000 4940 VSS - ok
15:54:37.0032 4940 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:54:37.0063 4940 W32Time - ok
15:54:37.0110 4940 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:54:37.0172 4940 WacomPen - ok
15:54:37.0219 4940 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:54:37.0250 4940 Wanarp - ok
15:54:37.0266 4940 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:54:37.0297 4940 Wanarpv6 - ok
15:54:37.0328 4940 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:54:37.0375 4940 wcncsvc - ok
15:54:37.0406 4940 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:54:37.0437 4940 WcsPlugInService - ok
15:54:37.0468 4940 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:54:37.0484 4940 Wd - ok
15:54:37.0593 4940 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:54:37.0640 4940 Wdf01000 - ok
15:54:37.0656 4940 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:54:37.0702 4940 WdiServiceHost - ok
15:54:37.0702 4940 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:54:37.0734 4940 WdiSystemHost - ok
15:54:37.0765 4940 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:54:37.0796 4940 WebClient - ok
15:54:37.0858 4940 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:54:37.0890 4940 Wecsvc - ok
15:54:37.0905 4940 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:54:37.0952 4940 wercplsupport - ok
15:54:38.0046 4940 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:54:38.0061 4940 WerSvc - ok
15:54:38.0108 4940 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:54:38.0155 4940 winachsf - ok
15:54:38.0202 4940 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:54:38.0233 4940 WinDefend - ok
15:54:38.0233 4940 WinHttpAutoProxySvc - ok
15:54:38.0326 4940 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:54:38.0358 4940 Winmgmt - ok
15:54:38.0514 4940 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:54:38.0623 4940 WinRM - ok
15:54:38.0654 4940 WisINT15 - ok
15:54:38.0685 4940 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:54:38.0763 4940 Wlansvc - ok
15:54:39.0184 4940 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:54:39.0294 4940 wlidsvc - ok
15:54:39.0325 4940 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:54:39.0372 4940 WmiAcpi - ok
15:54:39.0465 4940 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:54:39.0496 4940 wmiApSrv - ok
15:54:39.0574 4940 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:54:39.0668 4940 WMPNetworkSvc - ok
15:54:39.0715 4940 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:54:39.0746 4940 WPCSvc - ok
15:54:39.0777 4940 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:54:39.0824 4940 WPDBusEnum - ok
15:54:39.0996 4940 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:54:40.0027 4940 WPFFontCache_v0400 - ok
15:54:40.0074 4940 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:54:40.0198 4940 ws2ifsl - ok
15:54:40.0230 4940 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:54:40.0276 4940 wscsvc - ok
15:54:40.0276 4940 WSearch - ok
15:54:40.0354 4940 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:54:40.0573 4940 wuauserv - ok
15:54:40.0635 4940 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:54:40.0682 4940 WUDFRd - ok
15:54:40.0729 4940 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:54:40.0776 4940 wudfsvc - ok
15:54:40.0807 4940 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
15:54:40.0854 4940 XAudio - ok
15:54:40.0900 4940 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
15:54:40.0932 4940 XAudioService - ok
15:54:40.0994 4940 ================ Scan global ===============================
15:54:41.0025 4940 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:54:41.0150 4940 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:54:41.0166 4940 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:54:41.0197 4940 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:54:41.0197 4940 [Global] - ok
15:54:41.0197 4940 ================ Scan MBR ==================================
15:54:41.0212 4940 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
15:54:42.0164 4940 \Device\Harddisk0\DR0 - ok
15:54:42.0164 4940 ================ Scan VBR ==================================
15:54:42.0242 4940 [ A1E9374F3F2236F7198C6BD25EAC37C4 ] \Device\Harddisk0\DR0\Partition1
15:54:42.0273 4940 \Device\Harddisk0\DR0\Partition1 - ok
15:54:42.0289 4940 [ 231CF1B62882BBEC4C9F3CBF5E196A84 ] \Device\Harddisk0\DR0\Partition2
15:54:42.0289 4940 \Device\Harddisk0\DR0\Partition2 - ok
15:54:42.0304 4940 ============================================================
15:54:42.0304 4940 Scan finished
15:54:42.0304 4940 ============================================================
15:54:42.0320 3276 Detected object count: 10
15:54:42.0320 3276 Actual detected object count: 10
15:55:44.0767 3276 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0767 3276 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0767 3276 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0767 3276 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276 RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276 RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
31.08.2012, 16:01
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
05.09.2012, 17:56
| #15 |
| | TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe Willkommen zurück! Combofix Logfile: Code:
ATTFilter ComboFix 12-09-05.02 - *** 05.09.2012 18:32:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2429.1566 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\win.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-05 bis 2012-09-05 ))))))))))))))))))))))))))))))
.
.
2012-09-05 16:39 . 2012-09-05 16:40 -------- d-----w- c:\users\***\AppData\Local\temp
2012-09-05 16:39 . 2012-09-05 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 16:47 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9529D618-C7B1-4F3F-AD7D-8D3445736AAF}\mpengine.dll
2012-08-21 16:22 . 2012-08-21 16:22 -------- d-----w- C:\_OTL
2012-08-16 14:25 . 2012-08-16 14:25 -------- d-----w- c:\program files\ESET
2012-08-15 07:32 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 07:27 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 17:59 . 2012-08-12 17:59 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-08-12 17:59 . 2012-08-12 17:59 -------- d-----w- c:\programdata\Malwarebytes
2012-08-12 17:59 . 2012-08-12 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-12 17:59 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 08:05 . 2011-10-17 07:06 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-13 08:05 . 2011-10-17 07:06 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-14 18:57 . 2011-07-03 08:44 589824 ----a-w- C:\SP_Connector.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="c:\users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe" [2010-01-03 26248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Wisdom-soft AutoScreenRecorder 3.1 Free"=0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"eRecoveryService"=
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 09:31]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 09:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-05 18:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,52,0a,c4,dd,72,29,7a,16,f9,c2,23,34,9d,ad,86,84,e0,d2,5e,94,
22,c6,1c,46,d9,74,58,3a,e1,f8,91,16,46,85,e7,e4,fc,ed,02,08,7e,7d,8b,04,c2,\
"rkeysecu"=hex:f8,08,89,66,63,a0,77,bb,47,90,1a,bc,c9,b4,ed,c2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5328)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-09-05 18:42:08
ComboFix-quarantined-files.txt 2012-09-05 16:42
.
Vor Suchlauf: 18 Verzeichnis(se), 80.825.286.656 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 80.730.226.688 Bytes frei
.
- - End Of File - - 136596FA959CE1A66CA02FA66753C1FC
|
|
| Themen zu TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe |
| 'tr/atraps.gen', 'tr/atraps.gen2', 7-zip, antivir, audacity, avira, bho, blockiert, error, firefox, flash player, google, google earth, home, install.exe, intranet, launch, logfile, mozilla, office 2007, programm, prozesse, quelldatei, realtek, registry, rundll, scan, senden, server, svchost.exe, system, system neu, trojaner, trotz verbindung, usb 2.0, vista, visual studio, windows, windows-explorer |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
