
Pests of All Kinds and How to Fight Them: eBay Trojan

22.05.2013, 16:40   #1
vertion

eBay Trojan



Hello everyone,

I have the following problem and hope someone can help me:

A few days ago I was on eBay and suddenly noticed that a file named eBayISAPI.gz had been downloaded to my PC automatically. I use avast, but avast neither prevented this nor warned me about it.
The file came from this link (best not to click it, who knows what you might catch there):

hxxp://my.ebay.de/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayWon&ssPageName=STRK:ME:LNLK:MEWNX



A file suddenly being downloaded naturally causes uncertainty. That has never happened to me on eBay before, so I tried to look at the file, but suddenly it was nowhere to be found. I then scanned my PC with Malwarebytes and avast; neither program found anything malicious. Since I am a little paranoid, I dug further on my PC and found that the following files had arrived on my PC the same day:

https_signin.ebay.de_0.localstorage-journal
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Local Storage


https_signin.ebay.de_0.localstorage
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Local Storage

Folder: http_a.affil.io_0
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\databases


Folder: https_signin.ebay.de_0
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\databases



Databases
Data Base File (.db)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\databases


Databases.db-journal
DB-JOURNAL-File (.db-journal)
C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\databases



I scanned each of these files and folders individually, but avast could not find any viruses. I googled the files and found hardly anything. What I did find was contradictory, so I contacted eBay customer service, who then promptly informed me that the file ebayISAPI.gz is a TROJAN:

"You have informed us that, while browsing eBay, you suddenly downloaded the file "ebayISAPI.gz". I will gladly assist you.

I looked into your concern and was unable to reproduce this phenomenon. The file only appears to come from eBay. This is, however, a fake link caused by a trojan."


I went through my PC again today and the files listed above are suddenly gone too, why or how I don't know. I am of course very unsettled now; I scan my computer and search like crazy but find nothing! I am desperate, can someone please help me?

Thanks in advance.

22.05.2013, 16:47   #2
markusg
/// Malware-holic

eBay Trojan



Hi,

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please run OTL.exe. Vista and Win7 users: right-click and select "Run as administrator".
  • Now copy the contents into the text box:
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

22.05.2013, 21:20   #3
vertion

eBay Trojan



Hello markusg,

I tried to follow your advice and create an OTL log, but whatever I tried, OTL only produces an otl.txt and no longer an extras.txt.
Fortunately I created logs at midday today, with the following copy-pasted into the scan box:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT

I hope that works too. No idea why OTL is acting up now and not creating an extras log.

Thanks in advance for the help:


OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 22.05.2013 13:28:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Seven\Desktop
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 73,51% Memory free
2,65 Gb Paging File | 1,74 Gb Available in Paging File | 65,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,58 Gb Total Space | 22,40 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
 
Computer Name: UNIMATRIX | User Name: Seven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.22 13:23:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Seven\Desktop\OTL.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2013.05.03 17:21:29 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.09 13:25:32 | 000,103,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfParticipantDisplayService.exe
PRC - [2013.04.09 13:25:32 | 000,075,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfParticipantProcessorService.exe
PRC - [2013.04.09 13:25:32 | 000,068,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfPolicyCriticalService.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.02 10:24:03 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.10.11 07:18:30 | 000,353,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2012.10.10 21:53:22 | 000,805,448 | ---- | M] () -- C:\Programme\Atmel\HIDMonitor\HidMonitor.exe
PRC - [2012.09.28 09:43:54 | 000,591,504 | ---- | M] (acer) -- C:\Programme\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
PRC - [2012.09.27 15:41:38 | 000,461,968 | ---- | M] (acer) -- C:\Programme\Acer\WTTouchApplicationSuite\Common\DeviceControlCover.exe
PRC - [2012.09.26 08:28:48 | 000,328,816 | ---- | M] (Dritek System Inc.) -- C:\Programme\Acer\Device Control\ADevCtrl.exe
PRC - [2012.09.24 06:04:18 | 000,124,528 | ---- | M] (Dritek System Inc.) -- C:\Programme\Acer\Device Control\AdWmiSvc.exe
PRC - [2012.09.16 04:59:54 | 000,092,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DptfPolicyConfigTDPService.exe
PRC - [2012.09.12 04:43:06 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Programme\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012.09.12 04:42:40 | 000,559,680 | ---- | M] (NTI Corporation) -- C:\Programme\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2012.08.23 22:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2012.04.24 05:35:02 | 000,066,128 | ---- | M] (Dritek System Inc.) -- C:\Programme\Acer\Device Control\DeviceCtrlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.10.10 21:53:22 | 000,805,448 | ---- | M] () -- C:\Programme\Atmel\HIDMonitor\HidMonitor.exe
MOD - [2012.09.26 08:28:44 | 000,612,976 | ---- | M] () -- C:\Programme\Acer\Device Control\Dcu16V9_WT3.dll
MOD - [2012.09.12 04:43:42 | 000,465,384 | ---- | M] () -- C:\Programme\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.03.14 11:55:02 | 000,087,632 | ---- | M] () -- C:\Programme\Acer\Device Control\WlanMonitor.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013.04.09 13:25:32 | 000,103,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfParticipantDisplayService.exe -- (DptfParticipantDisplayService)
SRV - [2013.04.09 13:25:32 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\System32\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV - [2013.04.09 13:25:32 | 000,075,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2013.04.09 13:25:32 | 000,068,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV - [2013.04.08 23:51:05 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.02 10:23:17 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.03.02 10:23:15 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.02.02 10:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.01.29 02:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2013.01.10 01:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.01.10 01:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012.09.20 08:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012.09.20 07:55:29 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2012.09.20 07:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012.09.20 07:53:35 | 000,142,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012.09.16 04:59:54 | 000,092,672 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV - [2012.09.12 04:43:06 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Programme\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2012.08.23 22:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012.07.26 06:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012.07.26 05:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012.07.26 05:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012.07.26 05:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012.07.26 05:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012.07.26 05:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012.07.26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012.07.26 05:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012.07.26 05:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012.07.26 05:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012.07.26 05:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012.04.24 05:35:02 | 000,066,128 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Acer\Device Control\DeviceCtrlSvc.exe -- (DsiDeviceControlService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,209,024 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013.05.09 10:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.04.09 13:25:49 | 000,833,816 | ---- | M] (Broadcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\bcmdhd63.sys -- (BCMSDH43XX)
DRV - [2013.04.09 13:25:48 | 000,081,648 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clvpep.sys -- (clvpep)
DRV - [2013.04.09 13:25:48 | 000,072,280 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ChaabiDriver.sys -- (ChaabiDriver)
DRV - [2013.04.09 13:25:48 | 000,062,744 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BcmNfcIc.sys -- (BcmNfcIc)
DRV - [2013.04.09 13:25:48 | 000,040,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Uart16550pc.sys -- (Uart16550pc)
DRV - [2013.04.09 13:25:47 | 000,048,880 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\inteli2c.sys -- (inteli2c)
DRV - [2013.04.09 13:25:47 | 000,025,840 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\LNWIPC.sys -- (LNWIPC)
DRV - [2013.04.09 13:25:38 | 000,503,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\igddim32.sys -- (igddim32)
DRV - [2013.04.09 13:25:34 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\GPIOCLV.sys -- (GPIOCLV)
DRV - [2013.04.09 13:25:32 | 000,163,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfManager.sys -- (DptfManager)
DRV - [2013.04.09 13:25:32 | 000,068,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfDevProc.sys -- (DptfDevProc)
DRV - [2013.04.09 13:25:32 | 000,049,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfDevGen.sys -- (DptfDevGen)
DRV - [2013.04.09 13:25:32 | 000,043,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\DptfDevDisplay.sys -- (DptfDevDisplay)
DRV - [2013.04.09 13:25:30 | 000,055,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ov8830.sys -- (ov8830)
DRV - [2013.04.09 13:25:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ov2720.sys -- (ov2720)
DRV - [2013.04.09 13:25:30 | 000,032,768 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\lm3554.sys -- (Lm3554)
DRV - [2013.04.09 13:25:29 | 000,236,032 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\isstrtc.sys -- (IntelSST)
DRV - [2013.04.09 13:25:29 | 000,189,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\camera.sys -- (camera)
DRV - [2013.04.09 13:25:29 | 000,137,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rtii2sac.sys -- (rtii2sac)
DRV - [2013.04.09 13:25:29 | 000,114,968 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BtwSerialBus.sys -- (BtwSerialBus)
DRV - [2013.04.09 01:38:20 | 000,238,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.04.06 06:56:18 | 000,191,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wmbclass.sys -- (wmbclass)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.02 11:54:25 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.03.02 11:06:16 | 000,057,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.03.02 10:52:49 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.03.02 10:52:47 | 000,066,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.02.02 11:00:11 | 000,361,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.02.02 09:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.01.29 02:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.01.29 01:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.01.10 03:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2013.01.09 05:58:27 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthMini.SYS -- (BthMini)
DRV - [2012.11.27 05:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012.11.20 06:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012.11.06 05:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012.10.12 09:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.10.11 07:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012.10.11 07:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012.10.02 03:47:24 | 000,017,176 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\bcmfn2.sys -- (bcmfn2)
DRV - [2012.09.20 09:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012.09.20 08:34:10 | 000,179,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012.09.20 08:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012.09.17 14:02:10 | 000,017,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\MSICReg.sys -- (MSICReg)
DRV - [2012.09.17 14:02:06 | 000,046,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\spi.sys -- (spi)
DRV - [2012.08.22 05:04:28 | 000,016,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\MBI.sys -- (MBI)
DRV - [2012.07.26 06:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012.07.26 05:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012.07.26 05:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012.07.26 05:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012.07.26 05:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012.07.26 05:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012.07.26 05:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012.07.26 05:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012.07.26 05:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012.07.26 05:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012.07.26 05:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012.07.26 05:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012.07.26 05:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012.07.26 05:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012.07.26 05:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012.07.26 05:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012.07.26 04:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012.07.26 04:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012.07.26 04:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012.07.26 04:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012.07.26 04:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012.07.26 04:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012.07.26 04:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012.07.26 04:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012.07.26 04:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012.07.26 04:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012.07.26 04:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012.07.26 04:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012.07.26 04:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012.07.26 04:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012.07.26 04:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012.07.26 04:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012.07.26 04:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.07.26 04:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012.07.26 04:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.26 04:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012.07.26 04:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012.07.26 04:32:00 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV - [2012.07.26 04:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012.07.26 04:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012.07.26 04:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012.06.05 15:05:54 | 000,013,840 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\AcerKBVD.sys -- (AcerKBVDMini)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{C0F5ACF5-23C3-457C-9E96-3D1C8467CF32}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1617793152-3464237319-2579858718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1617793152-3464237319-2579858718-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1617793152-3464237319-2579858718-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1617793152-3464237319-2579858718-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1617793152-3464237319-2579858718-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1617793152-3464237319-2579858718-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Ad Blocker = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0\
CHR - Extension: avast! Online Security = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: Google Mail = C:\Users\Seven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! Ad Blocker) - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Programme\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ADevCtrl] C:\Program Files\Acer\Device Control\ADevCtrl.exe (Dritek System Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE32F6D-2F0C-45AD-B70C-9237FC9325D1}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.26 08:52:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: wlidsvc - C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
NetSvcs: SystemEventsBroker - C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs: DsmSvc - C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs: NcaSvc - C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 13:23:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Seven\Desktop\OTL.exe
[2013.05.18 09:54:37 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.UI.Xaml.dll
[2013.05.18 09:54:33 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.05.18 09:54:31 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.05.18 09:54:26 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAudDecMFT.dll
[2013.05.18 09:54:21 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.05.18 09:54:20 | 003,390,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.18 09:54:19 | 000,248,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd_02_10ec.dll
[2013.05.18 09:54:16 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.05.18 09:54:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2013.05.18 09:54:15 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\twinui.dll
[2013.05.18 09:54:14 | 000,426,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2013.05.18 09:54:14 | 000,324,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2013.05.18 09:54:14 | 000,207,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2013.05.18 09:54:13 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.18 09:54:12 | 001,166,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.efi
[2013.05.18 09:54:11 | 000,939,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.05.18 09:54:11 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpncore.dll
[2013.05.18 09:54:10 | 001,034,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.efi
[2013.05.18 09:54:09 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.05.18 09:54:08 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.05.18 09:54:08 | 000,614,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RecoveryDrive.exe
[2013.05.18 09:54:08 | 000,457,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013.05.18 09:54:07 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Networking.dll
[2013.05.18 09:54:07 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
[2013.05.18 09:54:06 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013.05.18 09:54:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Robocopy.exe
[2013.05.18 09:54:05 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.05.18 09:54:05 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2013.05.18 09:54:04 | 000,238,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spaceport.sys
[2013.05.18 09:54:04 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013.05.18 09:54:04 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iuilp.dll
[2013.05.18 09:54:04 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fhengine.dll
[2013.05.18 09:54:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEndpointBuilder.dll
[2013.05.18 09:54:03 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fhcfg.dll
[2013.05.18 09:54:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.05.18 09:54:02 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2013.05.18 09:54:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFMediaEngine.dll
[2013.05.18 09:54:02 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.05.18 09:54:01 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmbclass.sys
[2013.05.18 09:54:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2013.05.18 09:54:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.05.18 09:54:00 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2013.05.18 09:54:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.05.18 09:53:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.05.16 09:06:09 | 000,000,000 | ---D | C] -- C:\Users\Seven\Desktop\Twitter   Search - paper lizard spock_files
[2013.05.15 16:36:01 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\Google
[2013.05.15 08:07:54 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 08:07:51 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 08:07:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 08:07:47 | 005,586,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.05.15 08:07:15 | 000,104,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.03 09:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.02 09:38:12 | 000,000,000 | ---D | C] -- C:\sfzone_profile
[2013.05.02 09:35:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.01 06:50:01 | 000,000,000 | ---D | C] -- C:\Users\Seven\AppData\Roaming\OpenOffice.org
[2013.05.01 06:49:31 | 000,000,000 | --SD | C] -- C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.01 06:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2013.05.01 06:47:23 | 000,000,000 | ---D | C] -- C:\Users\Seven\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.04.28 11:40:43 | 000,000,000 | ---D | C] -- C:\Users\Seven\Desktop\KLEIDER
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 13:26:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 13:24:36 | 000,754,682 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.22 13:24:36 | 000,711,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.22 13:24:36 | 000,156,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.22 13:24:36 | 000,133,464 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.22 13:23:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Seven\Desktop\OTL.exe
[2013.05.22 13:21:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 13:20:18 | 000,002,062 | ---- | M] () -- C:\Users\Seven\Desktop\SafeZone-Browser.lnk
[2013.05.22 13:20:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 13:19:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.22 13:19:35 | 1683,947,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 13:16:47 | 000,632,031 | ---- | M] () -- C:\Users\Seven\Desktop\adwcleaner.exe
[2013.05.22 11:37:40 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.18 19:02:51 | 000,300,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 09:07:52 | 000,047,189 | ---- | M] () -- C:\Users\Seven\Desktop\BKVyiUfCIAAa2Bj.jpg-large
[2013.05.16 09:07:32 | 000,030,285 | ---- | M] () -- C:\Users\Seven\Desktop\BKJ7ozcCUAAFIpo.jpg-large
[2013.05.16 09:06:33 | 000,046,209 | ---- | M] () -- C:\Users\Seven\Desktop\BKSl0YpCMAA9Fez.jpg-large
[2013.05.16 09:06:09 | 000,242,999 | ---- | M] () -- C:\Users\Seven\Desktop\Twitter   Search - paper lizard spock.htm
[2013.05.15 08:30:57 | 000,007,334 | ---- | M] () -- C:\Users\Seven\Desktop\intesivpflege dienst.odt
[2013.05.11 18:38:13 | 000,933,696 | ---- | M] () -- C:\Users\Seven\Desktop\Unbenannt.png
[2013.05.09 12:38:01 | 000,155,485 | ---- | M] () -- C:\Users\Seven\Desktop\Screenshot (3).png
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,209,024 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdisFlt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013.05.09 10:59:08 | 000,104,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.07 22:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.07 22:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.01 18:39:29 | 000,335,872 | ---- | M] (                    ) -- C:\Users\Seven\Desktop\PrcView.exe
[2013.05.01 06:50:20 | 000,001,201 | ---- | M] () -- C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.01 06:49:33 | 000,001,206 | ---- | M] () -- C:\Users\Seven\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.29 11:57:29 | 000,000,007 | ---- | M] () -- C:\Users\Seven\Desktop\Neues RTF-Dokument (2).rtf
[2013.04.28 19:53:56 | 000,001,731 | ---- | M] () -- C:\Users\Seven\Desktop\license.avastlic
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 13:16:45 | 000,632,031 | ---- | C] () -- C:\Users\Seven\Desktop\adwcleaner.exe
[2013.05.18 19:02:43 | 000,300,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.18 09:54:00 | 000,387,688 | ---- | C] () -- C:\Windows\System32\ApnDatabase.xml
[2013.05.16 09:07:51 | 000,047,189 | ---- | C] () -- C:\Users\Seven\Desktop\BKVyiUfCIAAa2Bj.jpg-large
[2013.05.16 09:07:31 | 000,030,285 | ---- | C] () -- C:\Users\Seven\Desktop\BKJ7ozcCUAAFIpo.jpg-large
[2013.05.16 09:06:33 | 000,046,209 | ---- | C] () -- C:\Users\Seven\Desktop\BKSl0YpCMAA9Fez.jpg-large
[2013.05.16 09:06:08 | 000,242,999 | ---- | C] () -- C:\Users\Seven\Desktop\Twitter   Search - paper.htm
[2013.05.15 08:30:57 | 000,007,334 | ---- | C] () -- C:\Users\Seven\Desktop\intessa.odt
[2013.05.11 18:38:12 | 000,933,696 | ---- | C] () -- C:\Users\Seven\Desktop\Unbenannt.png
[2013.05.09 12:37:50 | 000,155,485 | ---- | C] () -- C:\Users\Seven\Desktop\Screenshot (3).png
[2013.05.01 18:39:56 | 000,335,872 | ---- | C] (                    ) -- C:\Users\Seven\Desktop\PrcView.exe
[2013.05.01 06:50:19 | 000,001,201 | ---- | C] () -- C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.01 06:49:33 | 000,001,206 | ---- | C] () -- C:\Users\Seven\Desktop\OpenOffice.org 3.4.1.lnk
[2013.04.29 11:57:29 | 000,000,007 | ---- | C] () -- C:\Users\Seven\Desktop\Neues RTF-Dokument (2).rtf
[2013.04.28 19:53:56 | 000,001,731 | ---- | C] () -- C:\Users\Seven\Desktop\license.avastlic
[2013.04.09 21:30:19 | 000,083,968 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2013.04.09 13:41:54 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.04.09 13:41:54 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.04.09 13:25:49 | 000,236,134 | ---- | C] () -- C:\Windows\System32\drivers\4330b2rtecdc.bin
[2013.04.09 13:25:48 | 000,515,150 | ---- | C] () -- C:\Windows\System32\drivers\43241b0rtecdc.bin
[2013.04.09 13:25:39 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013.04.09 13:25:30 | 001,659,946 | ---- | C] () -- C:\Windows\System32\drivers\isp_firmware.bin
[2013.04.09 13:25:29 | 000,640,436 | ---- | C] () -- C:\Windows\System32\drivers\realtek_fw_sst.bin
[2012.12.24 13:20:05 | 000,305,546 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.12.24 13:20:04 | 000,754,682 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.12.24 13:20:04 | 000,156,676 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.12.24 13:20:04 | 000,040,390 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,711,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,133,464 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\Windows\System32\srms.dat
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\Windows\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== ZeroAccess Check ==========
 
[2012.12.24 04:43:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.06 18:39:27 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\Acer
[2013.04.06 18:39:49 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\lm
[2013.05.01 06:50:01 | 000,000,000 | ---D | M] -- C:\Users\Seven\AppData\Roaming\OpenOffice.org
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2012.09.20 07:53:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013.03.06 07:02:07 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2012.07.26 05:20:42 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2012.07.26 05:19:47 | 000,630,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2012.11.27 06:19:03 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012.07.26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012.07.26 05:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.07.26 05:18:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012.07.26 05:18:10 | 000,051,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2012.07.26 05:19:51 | 000,656,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2012.10.11 07:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2012.09.20 07:53:44 | 000,160,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2012.07.26 05:18:24 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2012.07.26 05:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2012.07.26 05:18:44 | 000,392,192 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2012.07.26 05:18:44 | 000,370,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2012.07.26 05:20:04 | 000,404,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2012.09.20 07:54:11 | 000,060,928 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2012.07.26 05:19:22 | 000,199,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2013.02.02 10:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012.09.20 07:54:25 | 000,286,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2012.07.26 06:17:16 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2012.09.20 07:54:56 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.07.26 05:20:58 | 000,496,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV - [2012.07.26 05:19:48 | 000,087,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2012.07.26 05:19:48 | 000,302,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2012.07.26 05:19:51 | 000,656,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2012.07.26 05:19:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012.09.20 07:55:17 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2013.04.08 23:52:03 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2012.07.26 05:20:03 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2012.07.26 05:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2013.04.08 23:51:44 | 000,942,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2012.07.26 05:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2012.07.26 05:20:06 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.07.26 05:19:45 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2012.07.26 05:21:00 | 001,150,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2013.04.08 23:51:05 | 000,598,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2013.04.08 23:51:05 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012.07.26 05:19:53 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013.01.29 02:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012.07.26 05:20:18 | 001,372,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (EventLog)
SRV - [2012.10.11 07:06:32 | 000,698,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2012.07.26 05:20:19 | 000,472,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2012.07.26 05:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2012.07.26 05:20:32 | 000,166,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (winmgmt)
SRV - [2013.03.02 10:23:43 | 002,560,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2012.07.26 05:18:21 | 000,211,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2012.11.06 06:20:21 | 001,203,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (WlanSvc)
SRV - [2012.07.26 05:20:28 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2012.10.11 07:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\x86_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_4f1f6140641844bc\explorer.exe
[2012.07.26 05:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\x86_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_4e5fb2f34b233380\explorer.exe
[2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\explorer.exe
[2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\x86_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_4e94c42b4afb8b9b\explorer.exe
[2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: SERVICES  >
[2012.07.26 06:17:20 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\Drivers\etc\services
[2012.07.26 06:17:16 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\x86_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_31eaa9573678b6f3\services
 
< MD5 for: SERVICES.EXE  >
[2012.09.20 07:56:25 | 000,332,800 | ---- | M] (Microsoft Corporation) MD5=3E918B8C816F4CBBC7C74196590BF53E -- C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_3c8b4eaae6f9ad7c\services.exe
[2012.07.26 06:17:18 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=575FB4211BB07DB7D2179B1B05FE7EFD -- C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_3bc3d14fce0a0436\services.exe
[2012.09.20 07:55:24 | 000,332,800 | ---- | M] (Microsoft Corporation) MD5=6528BAACA25356FE226904DD36C82BA7 -- C:\Windows\System32\services.exe
[2012.09.20 07:55:24 | 000,332,800 | ---- | M] (Microsoft Corporation) MD5=6528BAACA25356FE226904DD36C82BA7 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_3c00b195cddcf45b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2012.12.24 13:16:52 | 000,021,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\de-DE\services.exe.mui
[2012.12.24 13:16:52 | 000,021,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_de-de_bdb77cff087de6bd\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013.04.16 10:32:12 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.275_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.16 10:31:20 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.273_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.16 10:32:03 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.273_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.16 10:31:33 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.274_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.30 07:37:02 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.288_x86__8wekyb3d8bbwe\common\js\services.js
[2012.07.26 08:52:01 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2012.07.26 08:51:51 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2012.07.26 08:51:47 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2012.07.26 08:52:38 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x86__8wekyb3d8bbwe\platform\js\services.js
[2012.07.26 08:51:55 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x86__8wekyb3d8bbwe\platform\js\services.js
[2013.04.11 08:04:39 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.11 08:02:29 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.11 08:07:37 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x86__8wekyb3d8bbwe\Common\js\services.js
[2013.04.11 08:04:19 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x86__8wekyb3d8bbwe\common\js\services.js
[2013.04.11 08:06:11 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x86__8wekyb3d8bbwe\common\js\services.js
 
< MD5 for: SERVICES.LNK  >
[2012.07.25 22:22:12 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012.07.25 22:22:12 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012.07.25 22:22:12 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_cc0eee851721a9a4\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2012.06.02 16:33:56 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2012.06.02 16:33:56 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_cc0acc489eafc5cb\services.mof
 
< MD5 for: SERVICES.MSC  >
[2012.06.02 16:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\System32\services.msc
[2012.06.02 16:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_cc0eee851721a9a4\services.msc
[2012.12.24 13:17:32 | 000,092,745 | ---- | M] () MD5=C7DFBF099578C82115FE9A099F9C4CFF -- C:\Windows\System32\de-DE\services.msc
[2012.12.24 13:17:32 | 000,092,745 | ---- | M] () MD5=C7DFBF099578C82115FE9A099F9C4CFF -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_de-de_f7f94ceadee780b0\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2012.07.25 22:34:53 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2012.07.25 22:34:53 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_cc0acc489eafc5cb\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2012.08.13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012.08.13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012.07.24 11:13:44 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\Acer\WTTouchApplicationSuite\DocViewer\OpenOffice.org 3\URE\misc\services.rdb
[2012.08.10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2012.07.24 11:13:34 | 005,310,464 | ---- | M] () MD5=F50A9BC8337E369C4827D647C3981155 -- C:\Program Files\Acer\WTTouchApplicationSuite\DocViewer\OpenOffice.org 3\Basis\program\services.rdb
 
< MD5 for: SERVICES.SBS  >
[2011.03.01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: SVCHOST.EXE  >
[2012.07.26 05:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012.09.20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\System32\svchost.exe
[2012.09.20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012.09.20 07:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2012.07.26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\System32\userinit.exe
[2012.07.26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.10.11 07:08:28 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=87DA6ACA9AF2F536C68471787D1B3F4A -- C:\Windows\System32\winlogon.exe
[2012.10.11 07:08:28 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=87DA6ACA9AF2F536C68471787D1B3F4A -- C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_6ca31e2fa63098d1\winlogon.exe
[2012.10.11 07:13:23 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=9EA55D5CAC625110BD1E9E36F7EACB3B -- C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_6d2dbb44bf4d51f2\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.09.20 07:56:29 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=B5104C92CED439A9AFD97B9289D586EC -- C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_6d358a52bf47e9fc\winlogon.exe
[2012.07.26 05:21:01 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=C06BA1F360CEF6AB51F41B3D0D5FE92D -- C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_6c6e0cf7a65840b6\winlogon.exe
[2012.09.20 07:55:28 | 000,411,648 | ---- | M] (Microsoft Corporation) MD5=D75035A24FF8D5A489366C685030DB4C -- C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_6caaed3da62b30db\winlogon.exe
 
< dir C:\ /S /A:L /C  >
 Datenträger in Laufwerk C: ist Acer
 Volumeseriennummer: 74E8-1F07
 Verzeichnis von C:\
26.07.2012  08:04    <JUNCTION>     Documents and Settings [C:\Users]
06.04.2013  18:31    <JUNCTION>     Dokumente und Einstellungen [C:\Users]
06.04.2013  18:31    <JUNCTION>     Programme [C:\Program Files]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files
06.04.2013  18:31    <JUNCTION>     Gemeinsame Dateien [C:\Program Files\Common Files]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Program Files\Windows NT
06.04.2013  18:31    <JUNCTION>     Zubehör [C:\Program Files\Windows NT\Accessories]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData
06.04.2013  18:31    <JUNCTION>     Anwendungsdaten [C:\ProgramData]
26.07.2012  08:04    <JUNCTION>     Application Data [C:\ProgramData]
26.07.2012  08:04    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26.07.2012  08:04    <JUNCTION>     Documents [C:\Users\Public\Documents]
06.04.2013  18:31    <JUNCTION>     Dokumente [C:\Users\Public\Documents]
26.07.2012  08:04    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06.04.2013  18:31    <JUNCTION>     Startmenü [C:\ProgramData\Microsoft\Windows\Start Menu]
26.07.2012  08:04    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
06.04.2013  18:31    <JUNCTION>     Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\ProgramData\Microsoft\Windows\Start Menu
06.04.2013  18:31    <JUNCTION>     Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users
26.07.2012  08:04    <SYMLINKD>     All Users [C:\ProgramData]
26.07.2012  08:04    <JUNCTION>     Default User [C:\Users\Default]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users
06.04.2013  18:31    <JUNCTION>     Anwendungsdaten [C:\ProgramData]
26.07.2012  08:04    <JUNCTION>     Application Data [C:\ProgramData]
26.07.2012  08:04    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26.07.2012  08:04    <JUNCTION>     Documents [C:\Users\Public\Documents]
06.04.2013  18:31    <JUNCTION>     Dokumente [C:\Users\Public\Documents]
26.07.2012  08:04    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06.04.2013  18:31    <JUNCTION>     Startmenü [C:\ProgramData\Microsoft\Windows\Start Menu]
26.07.2012  08:04    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
06.04.2013  18:31    <JUNCTION>     Vorlagen [C:\ProgramData\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\All Users\Microsoft\Windows\Start Menu
06.04.2013  18:31    <JUNCTION>     Programme [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default
06.04.2013  18:31    <JUNCTION>     Anwendungsdaten [C:\Users\Default\AppData\Roaming]
26.07.2012  08:04    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
26.07.2012  08:04    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
06.04.2013  18:31    <JUNCTION>     Druckumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06.04.2013  18:31    <JUNCTION>     Eigene Dateien [C:\Users\Default\Documents]
26.07.2012  08:04    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
06.04.2013  18:31    <JUNCTION>     Lokale Einstellungen [C:\Users\Default\AppData\Local]
26.07.2012  08:04    <JUNCTION>     My Documents [C:\Users\Default\Documents]
26.07.2012  08:04    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06.04.2013  18:31    <JUNCTION>     Netzwerkumgebung [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26.07.2012  08:04    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26.07.2012  08:04    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
26.07.2012  08:04    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
26.07.2012  08:04    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
06.04.2013  18:31    <JUNCTION>     Startmenü [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26.07.2012  08:04    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
06.04.2013  18:31    <JUNCTION>     Vorlagen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Local
06.04.2013  18:31    <JUNCTION>     Anwendungsdaten [C:\Users\Default\AppData\Local]
26.07.2012  08:04    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
26.07.2012  08:04    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
26.07.2012  08:04    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.04.2013  18:31    <JUNCTION>     Verlauf [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
06.04.2013  18:31    <JUNCTION>     Programme [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Default\Documents
06.04.2013  18:31    <JUNCTION>     Eigene Bilder [C:\Users\Default\Pictures]
06.04.2013  18:31    <JUNCTION>     Eigene Musik [C:\Users\Default\Music]
06.04.2013  18:31    <JUNCTION>     Eigene Videos [C:\Users\Default\Videos]
26.07.2012  08:04    <JUNCTION>     My Music [C:\Users\Default\Music]
26.07.2012  08:04    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
26.07.2012  08:04    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Public\Documents
06.04.2013  18:31    <JUNCTION>     Eigene Bilder [C:\Users\Public\Pictures]
06.04.2013  18:31    <JUNCTION>     Eigene Musik [C:\Users\Public\Music]
06.04.2013  18:31    <JUNCTION>     Eigene Videos [C:\Users\Public\Videos]
26.07.2012  08:04    <JUNCTION>     My Music [C:\Users\Public\Music]
26.07.2012  08:04    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
26.07.2012  08:04    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Seven
06.04.2013  18:39    <JUNCTION>     Anwendungsdaten [C:\Users\Seven\AppData\Roaming]
06.04.2013  18:39    <JUNCTION>     Cookies [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Cookies]
06.04.2013  18:39    <JUNCTION>     Druckumgebung [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06.04.2013  18:39    <JUNCTION>     Eigene Dateien [C:\Users\Seven\Documents]
06.04.2013  18:39    <JUNCTION>     Lokale Einstellungen [C:\Users\Seven\AppData\Local]
06.04.2013  18:39    <JUNCTION>     Netzwerkumgebung [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06.04.2013  18:39    <JUNCTION>     Recent [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Recent]
06.04.2013  18:39    <JUNCTION>     SendTo [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\SendTo]
06.04.2013  18:39    <JUNCTION>     Startmenü [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu]
06.04.2013  18:39    <JUNCTION>     Vorlagen [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Templates]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Seven\AppData\Local
06.04.2013  18:39    <JUNCTION>     Anwendungsdaten [C:\Users\Seven\AppData\Local]
06.04.2013  18:39    <JUNCTION>     Temporary Internet Files [C:\Users\Seven\AppData\Local\Microsoft\Windows\Temporary Internet Files]
06.04.2013  18:39    <JUNCTION>     Verlauf [C:\Users\Seven\AppData\Local\Microsoft\Windows\History]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu
06.04.2013  18:39    <JUNCTION>     Programme [C:\Users\Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 Datei(en),              0 Bytes
 Verzeichnis von C:\Users\Seven\Documents
06.04.2013  18:39    <JUNCTION>     Eigene Bilder [C:\Users\Seven\Pictures]
06.04.2013  18:39    <JUNCTION>     Eigene Musik [C:\Users\Seven\Music]
06.04.2013  18:39    <JUNCTION>     Eigene Videos [C:\Users\Seven\Videos]
               0 Datei(en),              0 Bytes
     Anzahl der angezeigten Dateien:
               0 Datei(en),              0 Bytes
              79 Verzeichnis(se), 24.714.321.920 Bytes frei

< End of report >
         
--- --- ---


and here is the extras.txt

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.05.2013 13:28:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Seven\Desktop
 An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 73,51% Memory free
2,65 Gb Paging File | 1,74 Gb Available in Paging File | 65,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,58 Gb Total Space | 22,40 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
 
Computer Name: UNIMATRIX | User Name: Seven| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{089582C3-3400-42F8-9EF3-94BE013BED14}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{0B603AA8-59B6-4B8B-A5F4-CF695CF91431}" = protocol=6 | dir=in | app=c:\program files\acer\clear.fi photo\windowsupnp.exe | 
"{0FC489AD-D744-47B6-B079-E89B88D82972}" = dir=out | name=windows_ie_ac_001 | 
"{11888F3D-242E-4F99-B3F0-4A6DCC99BCCC}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{13676C12-4E46-4A05-AE11-8DBF553F1496}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{17516AEB-4AF0-44E3-AEFA-27D4BE77F762}" = protocol=17 | dir=in | app=c:\program files\spotify\data\spotifywebhelper.exe | 
"{1A487B15-7880-441C-8906-313927DBD669}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1E52551C-352E-408A-B965-0F7845A1D7D3}" = dir=in | name=skype | 
"{1EF7C4F7-1473-4310-9A6D-B66A3CCD1DFB}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{22E8093F-6B51-4FA4-939C-2074537746E5}" = protocol=6 | dir=in | app=c:\program files\acer\clear.fi media\windowsupnpmv.exe | 
"{24BA52C7-619E-4A1D-B5E3-4DAD304798C4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{297827C1-BF85-4B63-A307-4B1484AEBF07}" = protocol=6 | dir=in | app=c:\program files\acer\acer cloud\ccd.exe | 
"{2EE8FDA3-BFF9-4532-B5CF-E5E2674BC5F8}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{395E8078-DAB7-47B0-8FB8-7BF33050CA90}" = dir=out | name=7digital music store | 
"{3A5B6B83-9F33-4912-8954-87FEE6A5ED9C}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3C83B152-159D-46CB-BFA1-3A9C680B520A}" = protocol=6 | dir=in | app=c:\program files\acer\clear.fi media\dmcdaemon.exe | 
"{40D0E00F-E71D-444E-A571-736937709B55}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{440C78A5-A588-41E5-8142-B1ABFF80ED8E}" = protocol=6 | dir=in | app=c:\program files\spotify\data\spotifywebhelper.exe | 
"{4A37BF6F-9159-4A0A-ADFA-0A7504DD99C7}" = dir=out | name=evernote | 
"{599A12AB-2AAC-4421-9746-73DE13C14E31}" = protocol=17 | dir=in | app=c:\program files\acer\clear.fi media\windowsupnpmv.exe | 
"{5B4517B9-5EA1-4990-ADA7-2697F06D7930}" = protocol=17 | dir=in | app=c:\program files\acer\clear.fi photo\windowsupnp.exe | 
"{650DAEB4-5405-435F-930F-A0F6025052D8}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{68A1C7A6-3330-459D-88D9-58576232F66D}" = protocol=6 | dir=in | app=c:\program files\acer\clear.fi photo\dmcdaemon.exe | 
"{6D57F40B-C42C-43DD-AAFE-31F771D561C6}" = protocol=17 | dir=in | app=c:\program files\acer\acer cloud\ccd.exe | 
"{74B5BE71-3D67-4467-BADE-B1C62880737F}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{763CF24B-9FB5-4689-96DE-71C7F1B72E2B}" = protocol=17 | dir=in | app=c:\program files\acer\clear.fi media\dmcdaemon.exe | 
"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{7DB5D114-0246-4BC1-8249-A6CDA39074B3}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{7F9AD594-B253-418D-8595-ED5845A059BC}" = dir=out | name=ebay | 
"{8ABB06A0-E550-42AD-8B13-244E55325FE6}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8E251F83-AE2B-4DC1-9C4F-62A73FC2A226}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | 
"{92EF08BB-877F-495A-94D1-9363BA70B76F}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{93D75F8C-9A4B-4DC2-B107-CF0856491BDE}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{A2AB8F60-094D-4A4D-97CB-EC3C17D960D5}" = protocol=17 | dir=in | app=c:\program files\acer\clear.fi photo\dmcdaemon.exe | 
"{ABADF5F4-1BEB-4844-BC74-60802B0F2E7C}" = dir=in | app=c:\program files\nti\acer backup manager\fileexplorer.exe | 
"{AD56DA7C-AB43-41A6-ADFA-048778775F8A}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{B1D151CB-7274-4BA6-BE52-14B6A4EF8269}" = dir=out | name=acer explorer | 
"{B5D36FF3-8F93-4E95-AA59-97606C9C4647}" = dir=in | app=c:\program files\acer\clear.fi sdk21\movie\playmovie.exe | 
"{B7C6DAC5-2442-44A3-8B58-EDDBFED89362}" = dir=in | app=c:\program files\nti\acer backup manager\backupmanager.exe | 
"{BA8BDDA5-6BFE-4A80-B64D-169732351CFE}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | 
"{C9E380AC-2CC4-4D80-97FA-3A1687923BE7}" = dir=out | name=social jogger | 
"{CD137F25-7294-48AE-BBB8-91F2BA6D5D12}" = dir=in | app=c:\program files\nti\acer backup manager\ischedulesvc.exe | 
"{D2134F8B-3CEF-4763-A815-911BF9F11E41}" = dir=out | name=txtr reader | 
"{D3E08619-C3F8-4441-A56D-B8CFB0065832}" = dir=out | name=tunein radio | 
"{D592A5BF-0963-45F9-BB48-C36AABB7C70B}" = dir=in | app=c:\program files\acer\clear.fi sdk21\video\musicplayer.exe | 
"{DAD5FE87-6BBB-43AF-9048-3CB437DE6346}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{DE1BA9E7-0E2D-4618-BED6-61FC56840107}" = dir=out | name=newsxpresso metro | 
"{DE1EB74C-4A24-4C1A-A743-A075FBCBB87E}" = dir=out | name=skype | 
"{E17E7782-1B9E-4FB8-BF58-0AF4603A5A75}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{E3261782-0526-4504-B91D-915BFFDC9188}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E99451CE-2C9F-48A9-AC34-BA3E5B0327CA}" = dir=in | app=c:\program files\acer\clear.fi sdk21\video\videoplayer.exe | 
"{EA93761A-AF0E-4C53-A779-E857AE3038AC}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{ED03CABF-48EA-4D49-B11A-8F6F5796E744}" = dir=in | name=evernote | 
"{F2F885FB-B366-4EA3-82E6-F571E950F0EB}" = dir=out | name=acer crystal eye (tablet edition) | 
"{F9ADD64D-6A09-42F6-9D3C-0C76FED5B413}" = dir=in | name=ebay | 
"{FA8DE017-8038-4C35-881F-C913AFAAF95A}" = dir=out | name=skitch | 
"TCP Query User{8774DB1C-A0D1-4C3D-A9D3-FAC560343D21}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe | 
"TCP Query User{FE48754E-BB5A-46A2-8FD0-577EEC57E0EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{89F95640-69B6-421C-A40C-5D0E534EC33F}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe | 
"UDP Query User{9D186DC3-1CDC-439F-81BB-EF75FEEDFA7E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C6667-63D3-4416-B537-865E77F4DF4F}" = avast! Ad Blocker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{45D64170-C929-4A80-9897-6A5206600870}" = HIDmonitor
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{D6B57AF2-2406-49E4-B219-EAA8B0B9F3CF}" = Acer Recovery Management
"{D6D6EB59-35DB-4056-A0D3-01ABF7904E84}" = WTTouchApplicationSuite
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"2BB22DE6FC26103C11A328A9CD95FA186E2EB7E7" = Windows-Treiberpaket - Broadcom (BcmNfcIc) System  (09/26/2012 1.0.0.3400)
"3AC7BB74CEACDA2711DD0EA008B29A3F1653FA4D" = Windows-Treiberpaket - Broadcom (BCMSDH43XX) Net  (08/09/2012 5.93.97.68)
"6E1A4BC869EDD219CC3A0DD869ECDA1F4709C999" = Windows-Treiberpaket - Broadcom (BtwSerialBus) System  (09/07/2012 12.0.0.2211)
"8ACEFA31AC73553F5EEFA5785AD8D4D0E850401F" = Windows-Treiberpaket - Broadcom (bcmfn2) System  (08/30/2012 20.43.14.119)
"960D49F95F2322FF7D9088E3679C47488ECDF8E5" = Windows-Treiberpaket - Broadcom (WUDFRd) Proximity  (09/26/2012 1.0.0.3400)
"ADevCtrl" = Acer Device Control
"avast" = avast! Internet Security
"Google Chrome" = Google Chrome
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Spotify" = Spotify
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2013 14:08:09 | Computer Name = unimatrix | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ 
ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie 
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 17.05.2013 14:08:10 | Computer Name = unimatrix | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ 
ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie 
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 17.05.2013 17:12:24 | Computer Name = unimatrix | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.05.2013 03:46:12 | Computer Name = unimatrix | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 18.05.2013 03:49:26 | Computer Name = unimatrix | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ 
ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie 
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.05.2013 05:41:54 | Computer Name = unimatrix | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ 
ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie 
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.05.2013 06:49:26 | Computer Name = unimatrix | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „DefaultBrowser_NOPUBLISHERID!Chrome“ 
ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie 
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.05.2013 06:49:30 | Computer Name = unimatrix | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 18.05.2013 10:19:40 | Computer Name = unimatrix | Source = DptfPolicyConfigTDPService | ID = 131073
Description = 
 
Error - 18.05.2013 10:19:40 | Computer Name = unimatrix | Source = DptfPolicyConfigTDPService | ID = 131073
Description = 
 
[ System Events ]
Error - 15.05.2013 10:31:33 | Computer Name = unimatrix | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 15.05.2013 10:33:46 | Computer Name = unimatrix | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet:
   %%16389
 
Error - 15.05.2013 14:15:54 | Computer Name = unimatrix | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 16.05.2013 14:16:51 | Computer Name = unimatrix | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst MBAMService erreicht.
 
Error - 17.05.2013 05:29:27 | Computer Name = unimatrix | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 17.05.2013 05:29:27 | Computer Name = unimatrix | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 17.05.2013 05:29:27 | Computer Name = unimatrix | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 17.05.2013 10:34:20 | Computer Name = unimatrix | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 17.05.2013 10:34:30 | Computer Name = unimatrix | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.05.2013 um 16:24:47 unerwartet heruntergefahren.
 
Error - 17.05.2013 10:36:40 | Computer Name = unimatrix | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet:
   %%16389
 
 
< End of report >
         

22.05.2013, 23:51   #4
markusg
/// Malware-holic
 
Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

23.05.2013, 17:04   #5
vertion
 
Hello,

I ran a scan with TDSSKiller. No threat was found.
Here is the log:

17:56:09.0801 4404 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:56:09.0802 4404 UEFI system
17:56:10.0350 4404 ============================================================
17:56:10.0350 4404 Current date / time: 2013/05/23 17:56:10.0350
17:56:10.0350 4404 SystemInfo:
17:56:10.0351 4404
17:56:10.0351 4404 OS Version: 6.2.9200 ServicePack: 0.0
17:56:10.0351 4404 Product type: Workstation
17:56:10.0351 4404 ComputerName: UNIMATRIX
17:56:10.0351 4404 UserName: Seven
17:56:10.0352 4404 Windows directory: C:\Windows
17:56:10.0352 4404 System windows directory: C:\Windows
17:56:10.0352 4404 Processor architecture: Intel x86
17:56:10.0352 4404 Number of processors: 4
17:56:10.0352 4404 Page size: 0x1000
17:56:10.0352 4404 Boot type: Normal boot
17:56:10.0352 4404 ============================================================
17:56:11.0046 4404 !crdlk
17:56:11.0068 4404 Drive \Device\Harddisk0\DR0 - Size: 0xE8D000000 (58.20 Gb), SectorSize: 0x200, Cylinders: 0x1DAD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:56:11.0070 4404 ============================================================
17:56:11.0070 4404 \Device\Harddisk0\DR0:
17:56:11.0070 4404 Can't read MBR
17:56:11.0071 4404 Initialize success
17:56:11.0071 4404 ============================================================
17:57:14.0014 0388 ============================================================
17:57:14.0014 0388 Scan started
17:57:14.0014 0388 Mode: Manual; SigCheck; TDLFS;
17:57:14.0014 0388 ============================================================
17:57:14.0029 0388 ================ Scan system memory ========================
17:57:14.0029 0388 System memory - ok
17:57:14.0029 0388 ================ Scan services =============================
17:57:14.0092 0388 1394ohci - ok
17:57:14.0108 0388 3ware - ok
17:57:14.0123 0388 AcerKBVDMini - ok
17:57:14.0139 0388 ACPI - ok
17:57:14.0155 0388 acpiex - ok
17:57:14.0170 0388 acpipagr - ok
17:57:14.0186 0388 AcpiPmi - ok
17:57:14.0201 0388 acpitime - ok
17:57:14.0217 0388 adp94xx - ok
17:57:14.0233 0388 adpahci - ok
17:57:14.0264 0388 adpu320 - ok
17:57:14.0280 0388 AeLookupSvc - ok
17:57:14.0295 0388 AFD - ok
17:57:14.0311 0388 agp440 - ok
17:57:14.0326 0388 ALG - ok
17:57:14.0342 0388 AllUserInstallAgent - ok
17:57:14.0358 0388 amdagp - ok
17:57:14.0373 0388 AmdK8 - ok
17:57:14.0389 0388 AmdPPM - ok
17:57:14.0420 0388 amdsata - ok
17:57:14.0436 0388 amdsbs - ok
17:57:14.0451 0388 amdxata - ok
17:57:14.0467 0388 AppID - ok
17:57:14.0483 0388 AppIDSvc - ok
17:57:14.0498 0388 Appinfo - ok
17:57:14.0514 0388 arc - ok
17:57:14.0530 0388 arcsas - ok
17:57:14.0545 0388 aswFsBlk - ok
17:57:14.0561 0388 aswFW - ok
17:57:14.0576 0388 aswKbd - ok
17:57:14.0592 0388 aswMonFlt - ok
17:57:14.0608 0388 aswNdisFlt - ok
17:57:14.0623 0388 aswRdr - ok
17:57:14.0639 0388 aswRvrt - ok
17:57:14.0670 0388 aswSnx - ok
17:57:14.0686 0388 aswSP - ok
17:57:14.0701 0388 aswTdi - ok
17:57:14.0717 0388 aswVmm - ok
17:57:14.0733 0388 AsyncMac - ok
17:57:14.0748 0388 atapi - ok
17:57:14.0764 0388 AudioEndpointBuilder - ok
17:57:14.0780 0388 Audiosrv - ok
17:57:14.0795 0388 avast! Antivirus - ok
17:57:14.0811 0388 avast! Firewall - ok
17:57:14.0826 0388 AxInstSV - ok
17:57:14.0842 0388 BasicDisplay - ok
17:57:14.0858 0388 BasicRender - ok
17:57:14.0889 0388 bcmfn2 - ok
17:57:14.0905 0388 BcmNfcIc - ok
17:57:14.0920 0388 BCMSDH43XX - ok
17:57:14.0936 0388 BDESVC - ok
17:57:14.0967 0388 Beep - ok
17:57:14.0983 0388 BFE - ok
17:57:14.0998 0388 BITS - ok
17:57:15.0014 0388 bowser - ok
17:57:15.0030 0388 BrokerInfrastructure - ok
17:57:15.0045 0388 Browser - ok
17:57:15.0061 0388 BthAvrcpTg - ok
17:57:15.0076 0388 BthEnum - ok
17:57:15.0092 0388 BthHFEnum - ok
17:57:15.0108 0388 bthhfhid - ok
17:57:15.0123 0388 BthLEEnum - ok
17:57:15.0139 0388 BthMini - ok
17:57:15.0155 0388 BTHMODEM - ok
17:57:15.0170 0388 BthPan - ok
17:57:15.0186 0388 BTHPORT - ok
17:57:15.0201 0388 bthserv - ok
17:57:15.0233 0388 btwampfl - ok
17:57:15.0248 0388 BtwSerialBus - ok
17:57:15.0264 0388 camera - ok
17:57:15.0280 0388 CCDMonitorService - ok
17:57:15.0295 0388 cdfs - ok
17:57:15.0311 0388 cdrom - ok
17:57:15.0311 0388 CertPropSvc - ok
17:57:15.0342 0388 ChaabiDriver - ok
17:57:15.0358 0388 circlass - ok
17:57:15.0373 0388 CLFS - ok
17:57:15.0405 0388 clvpep - ok
17:57:15.0420 0388 CmBatt - ok
17:57:15.0436 0388 CNG - ok
17:57:15.0451 0388 cnghwassist - ok
17:57:15.0467 0388 CompositeBus - ok
17:57:15.0483 0388 COMSysApp - ok
17:57:15.0498 0388 condrv - ok
17:57:15.0530 0388 CryptSvc - ok
17:57:15.0545 0388 dam - ok
17:57:15.0561 0388 DcomLaunch - ok
17:57:15.0576 0388 defragsvc - ok
17:57:15.0608 0388 DeviceAssociationService - ok
17:57:15.0623 0388 DeviceInstall - ok
17:57:15.0639 0388 Dfsc - ok
17:57:15.0655 0388 Dhcp - ok
17:57:15.0670 0388 discache - ok
17:57:15.0686 0388 disk - ok
17:57:15.0701 0388 dmvsc - ok
17:57:15.0717 0388 Dnscache - ok
17:57:15.0733 0388 dot3svc - ok
17:57:15.0748 0388 DPS - ok
17:57:15.0764 0388 DptfDevDisplay - ok
17:57:15.0780 0388 DptfDevGen - ok
17:57:15.0795 0388 DptfDevProc - ok
17:57:15.0826 0388 DptfManager - ok
17:57:15.0842 0388 DptfParticipantDisplayService - ok
17:57:15.0858 0388 DptfParticipantProcessorService - ok
17:57:15.0873 0388 DptfPolicyConfigTDPService - ok
17:57:15.0889 0388 DptfPolicyCriticalService - ok
17:57:15.0905 0388 DptfPolicyLpmService - ok
17:57:15.0920 0388 drmkaud - ok
17:57:15.0936 0388 DsiDeviceControlService - ok
17:57:15.0951 0388 DsmSvc - ok
17:57:15.0983 0388 DXGKrnl - ok
17:57:15.0998 0388 EapHost - ok
17:57:16.0014 0388 EFS - ok
17:57:16.0030 0388 EhStorClass - ok
17:57:16.0045 0388 EhStorTcgDrv - ok
17:57:16.0061 0388 ErrDev - ok
17:57:16.0092 0388 EventSystem - ok
17:57:16.0108 0388 exfat - ok
17:57:16.0123 0388 fastfat - ok
17:57:16.0139 0388 Fax - ok
17:57:16.0155 0388 fdc - ok
17:57:16.0170 0388 fdPHost - ok
17:57:16.0186 0388 FDResPub - ok
17:57:16.0217 0388 fhsvc - ok
17:57:16.0233 0388 FileInfo - ok
17:57:16.0248 0388 Filetrace - ok
17:57:16.0264 0388 flpydisk - ok
17:57:16.0280 0388 FltMgr - ok
17:57:16.0295 0388 FontCache - ok
17:57:16.0311 0388 FontCache3.0.0.0 - ok
17:57:16.0326 0388 FsDepends - ok
17:57:16.0342 0388 Fs_Rec - ok
17:57:16.0358 0388 fvevol - ok
17:57:16.0373 0388 FxPPM - ok
17:57:16.0389 0388 gagp30kx - ok
17:57:16.0405 0388 gencounter - ok
17:57:16.0420 0388 GPIOCLV - ok
17:57:16.0436 0388 GPIOClx0101 - ok
17:57:16.0467 0388 gpsvc - ok
17:57:16.0483 0388 gupdate - ok
17:57:16.0498 0388 gupdatem - ok
17:57:16.0514 0388 gusvc - ok
17:57:16.0530 0388 HDAudBus - ok
17:57:16.0545 0388 HidBatt - ok
17:57:16.0561 0388 HidBth - ok
17:57:16.0576 0388 hidi2c - ok
17:57:16.0592 0388 HidIr - ok
17:57:16.0608 0388 hidserv - ok
17:57:16.0623 0388 HidUsb - ok
17:57:16.0639 0388 hkmsvc - ok
17:57:16.0670 0388 HomeGroupListener - ok
17:57:16.0686 0388 HomeGroupProvider - ok
17:57:16.0701 0388 HpSAMD - ok
17:57:16.0717 0388 HTTP - ok
17:57:16.0733 0388 hwpolicy - ok
17:57:16.0748 0388 hyperkbd - ok
17:57:16.0764 0388 HyperVideo - ok
17:57:16.0780 0388 i8042prt - ok
17:57:16.0811 0388 iaStorV - ok
17:57:16.0826 0388 igddim32 - ok
17:57:16.0842 0388 igdkmd32 - ok
17:57:16.0842 0388 iirsp - ok
17:57:16.0858 0388 IKEEXT - ok
17:57:16.0889 0388 inteli2c - ok
17:57:16.0905 0388 intelide - ok
17:57:16.0920 0388 intelppm - ok
17:57:16.0936 0388 IntelSST - ok
17:57:16.0952 0388 IpFilterDriver - ok
17:57:16.0983 0388 iphlpsvc - ok
17:57:16.0998 0388 IPMIDRV - ok
17:57:17.0014 0388 IPNAT - ok
17:57:17.0030 0388 IRENUM - ok
17:57:17.0045 0388 isapnp - ok
17:57:17.0061 0388 iScsiPrt - ok
17:57:17.0077 0388 kbdclass - ok
17:57:17.0092 0388 kbdhid - ok
17:57:17.0108 0388 kdnic - ok
17:57:17.0123 0388 KeyIso - ok
17:57:17.0139 0388 KSecDD - ok
17:57:17.0170 0388 KSecPkg - ok
17:57:17.0186 0388 KtmRm - ok
17:57:17.0202 0388 LanmanServer - ok
17:57:17.0217 0388 LanmanWorkstation - ok
17:57:17.0233 0388 lltdio - ok
17:57:17.0248 0388 lltdsvc - ok
17:57:17.0264 0388 Lm3554 - ok
17:57:17.0295 0388 lmhosts - ok
17:57:17.0311 0388 LNWIPC - ok
17:57:17.0327 0388 LSI_SAS - ok
17:57:17.0342 0388 LSI_SAS2 - ok
17:57:17.0358 0388 LSI_SCSI - ok
17:57:17.0389 0388 LSI_SSS - ok
17:57:17.0405 0388 LSM - ok
17:57:17.0420 0388 luafv - ok
17:57:17.0436 0388 MBAMProtector - ok
17:57:17.0452 0388 MBAMScheduler - ok
17:57:17.0467 0388 MBAMService - ok
17:57:17.0483 0388 MBI - ok
17:57:17.0498 0388 megasas - ok
17:57:17.0514 0388 MegaSR - ok
17:57:17.0530 0388 MMCSS - ok
17:57:17.0545 0388 Modem - ok
17:57:17.0561 0388 monitor - ok
17:57:17.0577 0388 mouclass - ok
17:57:17.0592 0388 mouhid - ok
17:57:17.0623 0388 mountmgr - ok
17:57:17.0639 0388 mpsdrv - ok
17:57:17.0655 0388 MpsSvc - ok
17:57:17.0670 0388 MRxDAV - ok
17:57:17.0686 0388 mrxsmb - ok
17:57:17.0702 0388 mrxsmb10 - ok
17:57:17.0717 0388 mrxsmb20 - ok
17:57:17.0733 0388 MsBridge - ok
17:57:17.0748 0388 MSDTC - ok
17:57:17.0780 0388 Msfs - ok
17:57:17.0795 0388 msgpiowin32 - ok
17:57:17.0811 0388 mshidkmdf - ok
17:57:17.0827 0388 mshidumdf - ok
17:57:17.0842 0388 MSICReg - ok
17:57:17.0858 0388 msisadrv - ok
17:57:17.0873 0388 MSiSCSI - ok
17:57:17.0889 0388 msiserver - ok
17:57:17.0905 0388 MSKSSRV - ok
17:57:17.0936 0388 MsLldp - ok
17:57:17.0952 0388 MSPCLOCK - ok
17:57:17.0967 0388 MSPQM - ok
17:57:17.0983 0388 MsRPC - ok
17:57:17.0998 0388 mssmbios - ok
17:57:18.0014 0388 MSTEE - ok
17:57:18.0045 0388 MTConfig - ok
17:57:18.0061 0388 Mup - ok
17:57:18.0077 0388 mvumis - ok
17:57:18.0092 0388 napagent - ok
17:57:18.0108 0388 NativeWifiP - ok
17:57:18.0123 0388 NcaSvc - ok
17:57:18.0139 0388 NcdAutoSetup - ok
17:57:18.0155 0388 NDIS - ok
17:57:18.0170 0388 NdisCap - ok
17:57:18.0186 0388 NdisImPlatform - ok
17:57:18.0202 0388 NdisTapi - ok
17:57:18.0217 0388 Ndisuio - ok
17:57:18.0233 0388 NdisWan - ok
17:57:18.0248 0388 NDISWANLEGACY - ok
17:57:18.0264 0388 NDProxy - ok
17:57:18.0280 0388 Ndu - ok
17:57:18.0295 0388 NetBIOS - ok
17:57:18.0311 0388 NetBT - ok
17:57:18.0327 0388 Netlogon - ok
17:57:18.0342 0388 Netman - ok
17:57:18.0358 0388 netprofm - ok
17:57:18.0373 0388 NetTcpPortSharing - ok
17:57:18.0389 0388 nfrd960 - ok
17:57:18.0405 0388 NlaSvc - ok
17:57:18.0420 0388 Npfs - ok
17:57:18.0436 0388 npsvctrig - ok
17:57:18.0452 0388 nsi - ok
17:57:18.0467 0388 nsiproxy - ok
17:57:18.0498 0388 Ntfs - ok
17:57:18.0514 0388 NTI IScheduleSvc - ok
17:57:18.0530 0388 NTIDrvr - ok
17:57:18.0545 0388 Null - ok
17:57:18.0561 0388 nvraid - ok
17:57:18.0592 0388 nvstor - ok
17:57:18.0608 0388 nv_agp - ok
17:57:18.0623 0388 ov2720 - ok
17:57:18.0623 0388 ov8830 - ok
17:57:18.0639 0388 p2pimsvc - ok
17:57:18.0655 0388 p2psvc - ok
17:57:18.0670 0388 Parport - ok
17:57:18.0686 0388 partmgr - ok
17:57:18.0717 0388 Parvdm - ok
17:57:18.0733 0388 PcaSvc - ok
17:57:18.0748 0388 pci - ok
17:57:18.0764 0388 pciide - ok
17:57:18.0780 0388 pcmcia - ok
17:57:18.0795 0388 pcw - ok
17:57:18.0811 0388 pdc - ok
17:57:18.0827 0388 PEAUTH - ok
17:57:18.0873 0388 pla - ok
17:57:18.0889 0388 PlugPlay - ok
17:57:18.0920 0388 PNRPAutoReg - ok
17:57:18.0936 0388 PNRPsvc - ok
17:57:18.0952 0388 PolicyAgent - ok
17:57:18.0967 0388 Power - ok
17:57:18.0998 0388 PptpMiniport - ok
17:57:19.0014 0388 PrintNotify - ok
17:57:19.0030 0388 Processor - ok
17:57:19.0045 0388 ProfSvc - ok
17:57:19.0077 0388 Psched - ok
17:57:19.0092 0388 QWAVE - ok
17:57:19.0108 0388 QWAVEdrv - ok
17:57:19.0123 0388 RasAcd - ok
17:57:19.0139 0388 RasAgileVpn - ok
17:57:19.0155 0388 RasAuto - ok
17:57:19.0170 0388 Rasl2tp - ok
17:57:19.0202 0388 RasMan - ok
17:57:19.0217 0388 RasPppoe - ok
17:57:19.0233 0388 RasSstp - ok
17:57:19.0248 0388 rdbss - ok
17:57:19.0280 0388 rdpbus - ok
17:57:19.0295 0388 RDPDR - ok
17:57:19.0327 0388 RdpVideoMiniport - ok
17:57:19.0342 0388 RDPWD - ok
17:57:19.0358 0388 rdyboost - ok
17:57:19.0373 0388 RemoteAccess - ok
17:57:19.0389 0388 RemoteRegistry - ok
17:57:19.0405 0388 RFCOMM - ok
17:57:19.0420 0388 RpcEptMapper - ok
17:57:19.0436 0388 RpcLocator - ok
17:57:19.0452 0388 RpcSs - ok
17:57:19.0467 0388 rspndr - ok
17:57:19.0483 0388 rtii2sac - ok
17:57:19.0498 0388 s3cap - ok
17:57:19.0514 0388 SamSs - ok
17:57:19.0530 0388 sbp2port - ok
17:57:19.0545 0388 SCardSvr - ok
17:57:19.0561 0388 scfilter - ok
17:57:19.0577 0388 Schedule - ok
17:57:19.0592 0388 SCPolicySvc - ok
17:57:19.0608 0388 sdbus - ok
17:57:19.0623 0388 SDRSVC - ok
17:57:19.0639 0388 SDScannerService - ok
17:57:19.0670 0388 sdstor - ok
17:57:19.0686 0388 SDUpdateService - ok
17:57:19.0702 0388 SDWSCService - ok
17:57:19.0717 0388 secdrv - ok
17:57:19.0733 0388 seclogon - ok
17:57:19.0748 0388 SENS - ok
17:57:19.0764 0388 SensorsHIDClassDriver - ok
17:57:19.0780 0388 SensorsServiceDriver - ok
17:57:19.0795 0388 SensrSvc - ok
17:57:19.0811 0388 SerCx - ok
17:57:19.0827 0388 Serenum - ok
17:57:19.0842 0388 Serial - ok
17:57:19.0858 0388 sermouse - ok
17:57:19.0905 0388 SessionEnv - ok
17:57:19.0920 0388 sfloppy - ok
17:57:19.0936 0388 SharedAccess - ok
17:57:19.0952 0388 ShellHWDetection - ok
17:57:19.0967 0388 sisagp - ok
17:57:19.0983 0388 SiSRaid2 - ok
17:57:20.0014 0388 SiSRaid4 - ok
17:57:20.0045 0388 SNMPTRAP - ok
17:57:20.0061 0388 spaceport - ok
17:57:20.0077 0388 SpbCx - ok
17:57:20.0092 0388 spi - ok
17:57:20.0108 0388 Spooler - ok
17:57:20.0139 0388 sppsvc - ok
17:57:20.0155 0388 srv - ok
17:57:20.0170 0388 srv2 - ok
17:57:20.0186 0388 srvnet - ok
17:57:20.0202 0388 SSDPSRV - ok
17:57:20.0217 0388 SstpSvc - ok
17:57:20.0233 0388 stexstor - ok
17:57:20.0249 0388 StiSvc - ok
17:57:20.0264 0388 storahci - ok
17:57:20.0280 0388 storflt - ok
17:57:20.0295 0388 StorSvc - ok
17:57:20.0311 0388 storvsc - ok
17:57:20.0327 0388 svsvc - ok
17:57:20.0342 0388 swenum - ok
17:57:20.0374 0388 swprv - ok
17:57:20.0374 0388 SysMain - ok
17:57:20.0389 0388 SystemEventsBroker - ok
17:57:20.0405 0388 TabletInputService - ok
17:57:20.0420 0388 TapiSrv - ok
17:57:20.0436 0388 Tcpip - ok
17:57:20.0467 0388 TCPIP6 - ok
17:57:20.0483 0388 tcpipreg - ok
17:57:20.0514 0388 tdx - ok
17:57:20.0530 0388 terminpt - ok
17:57:20.0545 0388 TermService - ok
17:57:20.0561 0388 Themes - ok
17:57:20.0577 0388 THREADORDER - ok
17:57:20.0592 0388 TimeBroker - ok
17:57:20.0608 0388 TPM - ok
17:57:20.0624 0388 TrkWks - ok
17:57:20.0639 0388 TrustedInstaller - ok
17:57:20.0670 0388 TsUsbFlt - ok
17:57:20.0686 0388 TsUsbGD - ok
17:57:20.0702 0388 tunnel - ok
17:57:20.0717 0388 uagp35 - ok
17:57:20.0733 0388 Uart16550pc - ok
17:57:20.0749 0388 UASPStor - ok
17:57:20.0764 0388 UBHelper - ok
17:57:20.0780 0388 UCX01000 - ok
17:57:20.0795 0388 udfs - ok
17:57:20.0827 0388 UI0Detect - ok
17:57:20.0842 0388 uliagpkx - ok
17:57:20.0874 0388 umbus - ok
17:57:20.0889 0388 UmPass - ok
17:57:20.0889 0388 UmRdpService - ok
17:57:20.0920 0388 upnphost - ok
17:57:20.0936 0388 usbccgp - ok
17:57:20.0952 0388 usbcir - ok
17:57:20.0967 0388 usbehci - ok
17:57:20.0983 0388 usbhub - ok
17:57:20.0999 0388 USBHUB3 - ok
17:57:21.0014 0388 usbohci - ok
17:57:21.0030 0388 usbprint - ok
17:57:21.0045 0388 USBSTOR - ok
17:57:21.0061 0388 usbuhci - ok
17:57:21.0077 0388 USBXHCI - ok
17:57:21.0092 0388 VaultSvc - ok
17:57:21.0124 0388 vdrvroot - ok
17:57:21.0139 0388 vds - ok
17:57:21.0155 0388 VerifierExt - ok
17:57:21.0170 0388 vhdmp - ok
17:57:21.0186 0388 viaagp - ok
17:57:21.0202 0388 ViaC7 - ok
17:57:21.0217 0388 viaide - ok
17:57:21.0233 0388 vmbus - ok
17:57:21.0249 0388 VMBusHID - ok
17:57:21.0264 0388 vmicheartbeat - ok
17:57:21.0280 0388 vmickvpexchange - ok
17:57:21.0295 0388 vmicrdv - ok
17:57:21.0311 0388 vmicshutdown - ok
17:57:21.0327 0388 vmictimesync - ok
17:57:21.0342 0388 vmicvss - ok
17:57:21.0358 0388 volmgr - ok
17:57:21.0374 0388 volmgrx - ok
17:57:21.0389 0388 volsnap - ok
17:57:21.0420 0388 vsmraid - ok
17:57:21.0436 0388 VSS - ok
17:57:21.0452 0388 VSTXRAID - ok
17:57:21.0467 0388 vwifibus - ok
17:57:21.0483 0388 vwififlt - ok
17:57:21.0499 0388 vwifimp - ok
17:57:21.0514 0388 W32Time - ok
17:57:21.0530 0388 WacomPen - ok
17:57:21.0545 0388 Wanarp - ok
17:57:21.0561 0388 Wanarpv6 - ok
17:57:21.0577 0388 wbengine - ok
17:57:21.0592 0388 WbioSrvc - ok
17:57:21.0608 0388 Wcmsvc - ok
17:57:21.0624 0388 wcncsvc - ok
17:57:21.0639 0388 WcsPlugInService - ok
17:57:21.0655 0388 Wd - ok
17:57:21.0670 0388 WdBoot - ok
17:57:21.0702 0388 Wdf01000 - ok
17:57:21.0717 0388 WdFilter - ok
17:57:21.0733 0388 WdiServiceHost - ok
17:57:21.0749 0388 WdiSystemHost - ok
17:57:21.0764 0388 WebClient - ok
17:57:21.0780 0388 Wecsvc - ok
17:57:21.0795 0388 wercplsupport - ok
17:57:21.0811 0388 WerSvc - ok
17:57:21.0827 0388 WFPLWFS - ok
17:57:21.0842 0388 WiaRpc - ok
17:57:21.0858 0388 WIMMount - ok
17:57:21.0874 0388 WinDefend - ok
17:57:21.0920 0388 WinHttpAutoProxySvc - ok
17:57:21.0936 0388 winmgmt - ok
17:57:21.0952 0388 WinRM - ok
17:57:21.0983 0388 WlanSvc - ok
17:57:21.0999 0388 wlidsvc - ok
17:57:22.0014 0388 wmbclass - ok
17:57:22.0030 0388 WmiAcpi - ok
17:57:22.0061 0388 wmiApSrv - ok
17:57:22.0077 0388 WMPNetworkSvc - ok
17:57:22.0092 0388 wpcfltr - ok
17:57:22.0124 0388 WPCSvc - ok
17:57:22.0139 0388 WPDBusEnum - ok
17:57:22.0139 0388 WpdUpFltr - ok
17:57:22.0170 0388 ws2ifsl - ok
17:57:22.0186 0388 wscsvc - ok
17:57:22.0202 0388 WSearch - ok
17:57:22.0217 0388 WSService - ok
17:57:22.0233 0388 wuauserv - ok
17:57:22.0249 0388 WudfPf - ok
17:57:22.0264 0388 WUDFRd - ok
17:57:22.0280 0388 wudfsvc - ok
17:57:22.0311 0388 WUDFWpdFs - ok
17:57:22.0327 0388 WwanSvc - ok
17:57:22.0374 0388 ================ Scan global ===============================
17:57:22.0374 0388 [Global] - ok
17:57:22.0389 0388 ================ Scan MBR ==================================
17:57:22.0389 0388 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:57:22.0483 0388 \Device\Harddisk0\DR0 - ok
17:57:22.0483 0388 ================ Scan VBR ==================================
17:57:22.0483 0388 ============================================================
17:57:22.0483 0388 Scan finished
17:57:22.0483 0388 ============================================================
17:57:22.0514 0052 Detected object count: 0
17:57:22.0514 0052 Actual detected object count: 0
17:57:42.0374 0416 ============================================================
17:57:42.0374 0416 Scan started
17:57:42.0374 0416 Mode: Manual; SigCheck; TDLFS;
17:57:42.0374 0416 ============================================================
17:57:42.0374 0416 ================ Scan system memory ========================
17:57:42.0374 0416 System memory - ok
17:57:42.0374 0416 ================ Scan services =============================
17:57:51.0140 0416 ================ Scan global ===============================
17:57:51.0156 0416 [Global] - ok
17:57:51.0156 0416 ================ Scan MBR ==================================
17:57:51.0172 0416 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:57:51.0234 0416 \Device\Harddisk0\DR0 - ok
17:57:51.0234 0416 ================ Scan VBR ==================================
17:57:51.0234 0416 ============================================================
17:57:51.0234 0416 Scan finished
17:57:51.0234 0416 ============================================================
17:57:51.0265 4020 Detected object count: 0
17:57:51.0265 4020 Actual detected object count: 0


23.05.2013, 17:08   #6
markusg
/// Malware-holic

Ebay Trojan

hi

Download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), uninstall list, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognise, write "unknown".
Post the list.