
Pests of all kinds and how to fight them: Ukash BKA trojan 2.0 has crippled my PC


19.12.2011, 15:51   #46
markusg
/// Malware-holic
 



OK, then please create a new OTL log for me once more.

20.12.2011, 15:29   #47
hellmchen
 



OTL Logfile:
Code:
OTL logfile created on: 20.12.2011 00:13:52 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 72,08% Memory free
5,15 Gb Paging File | 3,84 Gb Available in Paging File | 74,54% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 81,18 Gb Free Space | 56,36% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 125,94 Gb Free Space | 89,64% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.16 16:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011.09.16 18:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.07.16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011.07.16 11:52:16 | 000,282,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe
PRC - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.15 17:44:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.08.19 11:26:34 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.19 03:11:51 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.12.19 03:05:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
MOD - [2011.12.19 02:41:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011.12.19 02:40:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.12.19 02:40:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.12.19 02:40:39 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.12.19 02:36:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.12.19 02:35:19 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.12.19 02:32:57 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.12.19 02:32:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.12.19 02:28:54 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.12.19 02:28:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.12.19 01:22:23 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011.12.19 01:21:18 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.12.19 01:21:16 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.12.19 01:20:55 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.12.19 01:20:38 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.12.19 01:20:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.12.19 01:20:12 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.12.19 01:19:53 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.11.02 19:44:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.11.02 19:44:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.11.02 19:44:28 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.10.09 10:35:37 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3163.29525__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3163.29501__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:37 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3163.29527__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3163.29521__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3163.29512__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3163.29636__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:36 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3163.29612__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3163.29591__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3163.29575__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:22 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3163.29637__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3163.29509__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:21 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3163.29597__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:20 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3163.29571__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3163.29513__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3163.29590__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3163.29576__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3163.29532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3163.29527__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3163.29584__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3163.29579__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3163.29575__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3163.29583__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3163.29576__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3163.29590__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.10.09 10:35:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.10.09 10:35:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3119.30143__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.10.09 10:35:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.10.09 10:35:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.10.09 10:35:11 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3163.29498_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll
MOD - [2008.10.09 10:35:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3163.29648__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.10.09 10:35:10 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3163.29656__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3163.29517__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.10.09 10:35:09 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3163.29629__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3163.29628__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3163.29498__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008.10.09 10:35:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3163.29497__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.10.09 10:35:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.10.09 10:35:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.10.09 10:35:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008.10.09 10:35:09 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008.10.09 10:35:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3163.29495__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.10.09 10:35:08 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3163.29506__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.10.09 10:35:08 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3163.29497__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.10.09 10:35:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3163.29496__90ba9c70f846762e\APM.Server.dll
MOD - [2008.10.09 10:35:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3163.29495__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.10.09 10:35:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.10.09 10:35:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.10.09 10:35:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3163.29629__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.10.09 10:35:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.10.09 10:35:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.07.22 15:13:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.07.16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011.07.16 11:56:18 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.08.05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.12.29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.22 15:58:00 | 003,885,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.18 02:09:00 | 000,148,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.28 16:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.14 15:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011.12.19 23:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.18 20:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 20:25:50 | 000,000,000 | ---D | M]
 
[2009.01.16 20:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Extensions
[2011.12.13 14:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions
[2010.11.03 14:12:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 02:13:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 14:57:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.03 14:15:15 | 000,001,196 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\p4zr2t02.default\searchplugins\winamp-search.xml
[2011.11.29 18:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.19 23:10:05 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111219231005.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avupdate] C:\Users\chris\AppData\Roaming\mahmud.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CD06D75-C533-4034-AF76-58210A84C053}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\chris\Pictures\Bwin happy hour hintergrund.jpg
O24 - Desktop BackupWallPaper: C:\Users\chris\Pictures\Bwin happy hour hintergrund.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 21:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.12.19 02:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.12.19 01:17:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.18 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Avira-DE-Cleaner
[2011.12.17 19:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.17 19:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.17 17:09:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.12.17 17:09:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.12.17 17:09:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.12.17 16:11:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.12.16 16:47:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.12.15 21:12:44 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Malwarebytes
[2011.12.15 21:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.15 21:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.15 21:12:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.15 21:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.29 02:55:32 | 000,000,000 | ---D | C] -- C:\Download
[2011.11.29 02:54:47 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\My Videos
[2011.11.29 02:52:29 | 000,000,000 | ---D | C] -- C:\AllSharePhotoSlide
[2011.11.29 02:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.11.29 02:45:54 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Downloaded Installations
[2008.11.03 03:43:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Users\chris\AppData\Local\*.tmp files -> C:\Users\chris\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.20 00:31:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.19 22:52:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 22:52:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 21:24:06 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.12.19 20:53:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.12.19 20:53:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.19 20:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 20:52:32 | 2649,079,808 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 03:04:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.12.19 03:04:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.12.19 03:04:36 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 02:32:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.19 02:32:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.19 02:32:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.19 02:32:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.19 02:25:10 | 000,297,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 02:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.12.19 02:19:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.12.18 18:39:33 | 000,000,794 | ---- | M] () -- C:\Windows\wininit.ini
[2011.12.18 17:39:37 | 000,512,952 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011.12.17 20:01:47 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{C1EE97AB-909F-4E6D-B763-428FB6C19851}
[2011.12.17 19:46:11 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.17 18:41:31 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{B1517E3E-6456-4DCB-9383-42888131285A}
[2011.12.17 17:56:17 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{1D73DC51-B105-4AEE-A92A-90BE72198FA2}
[2011.12.17 17:35:56 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{A13090DE-3365-4171-87F2-4C2CD8112A03}
[2011.12.17 17:35:18 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{0AF0EEA2-F7EE-4B88-BC46-60E070D89C5A}
[2011.12.16 16:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.12.16 15:35:16 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011.12.16 15:30:30 | 000,006,836 | ---- | M] () -- C:\Users\chris\AppData\Local\d3d9caps.dat
[2011.12.16 15:00:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 20:23:12 | 000,066,216 | ---- | M] () -- C:\Users\chris\Desktop\Avira-DE-Cleaner-starten.exe
[2011.12.15 19:33:34 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{FB7A7CBD-6314-4D56-9F50-AD4469DCABAC}
[2011.11.29 18:49:34 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.29 02:54:38 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2 C:\Users\chris\AppData\Local\*.tmp files -> C:\Users\chris\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.19 03:04:36 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 02:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.12.19 02:19:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.12.18 22:29:16 | 000,066,216 | ---- | C] () -- C:\Users\chris\Desktop\Avira-DE-Cleaner-starten.exe
[2011.12.18 17:10:48 | 2649,079,808 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.17 20:01:47 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{C1EE97AB-909F-4E6D-B763-428FB6C19851}
[2011.12.17 19:46:10 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.17 18:41:31 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{B1517E3E-6456-4DCB-9383-42888131285A}
[2011.12.17 17:56:17 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{1D73DC51-B105-4AEE-A92A-90BE72198FA2}
[2011.12.17 17:35:56 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{A13090DE-3365-4171-87F2-4C2CD8112A03}
[2011.12.17 17:35:18 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{0AF0EEA2-F7EE-4B88-BC46-60E070D89C5A}
[2011.12.15 21:12:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 19:33:34 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{FB7A7CBD-6314-4D56-9F50-AD4469DCABAC}
[2011.12.13 15:00:14 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.11.29 18:49:34 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.29 02:54:38 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2010.03.16 22:20:35 | 000,000,794 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.01 08:16:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.01 08:16:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.20 16:07:54 | 000,006,836 | ---- | C] () -- C:\Users\chris\AppData\Local\d3d9caps.dat
[2009.03.20 04:01:56 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.02.12 20:06:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.02.12 20:02:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.01.29 00:24:15 | 000,000,920 | ---- | C] () -- C:\Users\chris\AppData\Roaming\wklnhst.dat
[2009.01.16 20:28:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.15 21:08:36 | 000,038,400 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.15 18:26:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.03 03:41:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.03 03:41:42 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.11.03 03:41:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.11.03 03:41:36 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.11.03 03:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.11.03 03:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.11.02 20:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.02 20:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.02 19:44:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.11.02 19:33:23 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.09 11:01:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.09 10:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,297,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.02.27 14:16:43 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\.#
[2008.11.02 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Acer GameZone Console
[2009.01.26 07:40:46 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\iWin
[2011.04.19 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Pyroxi
[2011.11.29 02:54:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Samsung
[2010.11.03 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\streamripper
[2009.01.29 00:24:24 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Template
[2011.04.01 16:07:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Zeeku
[2011.12.19 15:08:23 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.03.18 03:27:43 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.01.15 19:19:29 | 000,000,000 | ---D | M] -- C:\ACER
[2009.01.15 17:41:07 | 000,000,000 | ---D | M] -- C:\ACERSW
[2011.11.29 02:52:29 | 000,000,000 | ---D | M] -- C:\AllSharePhotoSlide
[2008.11.02 20:38:39 | 000,000,000 | ---D | M] -- C:\book
[2011.12.17 17:24:17 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.18 17:55:28 | 000,000,000 | ---D | M] -- C:\bwinPoker
[2008.10.09 10:46:36 | 000,000,000 | ---D | M] -- C:\CLSetup
[2011.12.19 02:22:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.15 17:35:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.29 02:55:32 | 000,000,000 | ---D | M] -- C:\Download
[2008.11.02 20:13:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.19 02:20:34 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.18 20:25:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.15 17:35:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.20 00:27:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.07 00:09:58 | 000,000,000 | ---D | M] -- C:\TEMP
[2009.01.15 17:40:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.19 04:00:48 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.28 07:47:08 | 000,171,016 | R--- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\ACER\Preload\Autorun\DRV\AMD VGA Chip RS780MN M82ME-XT M86ME\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_37966648\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.22 15:13:22 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2011.12.20 00:13:30 | 002,359,296 | -HS- | M] () -- C:\Users\chris\ntuser.dat
[2011.12.20 00:13:30 | 000,262,144 | -H-- | M] () -- C:\Users\chris\ntuser.dat.LOG1
[2011.12.15 19:06:22 | 000,262,144 | -H-- | M] () -- C:\Users\chris\ntuser.dat.LOG2
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2011.12.15 19:06:22 | 000,065,536 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2011.12.19 15:08:18 | 000,065,536 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.20 20:52:45 | 000,524,288 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.12.19 15:08:18 | 000,524,288 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.01.15 17:40:48 | 000,000,020 | -HS- | M] () -- C:\Users\chris\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:533D8A6F8B270344
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >
         
20.12.2011, 17:42   #48
hellmchen

I only got this one file; there was no second one this time.

20.12.2011, 17:53   #49
markusg
/// Malware-holic

Hi

Attention!

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [avupdate] C:\Users\chris\AppData\Roaming\mahmud.exe File not found

:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Clean up autostart:
go to Start, Run and type:
msconfig
Enter
Startup tab
untick everything there except Windows Defender and mcui_exe
(McAfee)
click OK
restart the PC
If something important is missing, you can tick it again.

20.12.2011, 18:33   #50
hellmchen

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: chris
->Flash cache emptied: 3093026 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: chris
->Temp folder emptied: 20838413 bytes
->Temporary Internet Files folder emptied: 30574343 bytes
->Java cache emptied: 350454841 bytes
->FireFox cache emptied: 253833279 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4951998 bytes
RecycleBin emptied: 411648 bytes

Total Files Cleaned = 630,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_180308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


In autostart I unticked everything and enabled only Windows Defender.
But mcui_exe is not listed there.
I also enabled the two McAfee items, the Security Center and the Security Scanner.
Is that right?
If you say that is fine, I will restart as you described.


20.12.2011, 18:35   #51
markusg
/// Malware-holic

Exactly, McAfee has to stay enabled.
Restart and check whether everything works.
If so, we will then secure the system.

20.12.2011, 18:39   #52
hellmchen

OK, then I will restart in a moment. I do have one more question about a different problem with my laptop; maybe you can tell me whether it is a hardware or a software problem.
This laptop has a touch strip where I can switch on wireless LAN, turn the volume up and down, and so on.
Sometimes the PC turns the volume down to 0 by itself. If I then turn it back up manually with the slider at the bottom right next to the clock, the volume steadily goes back down to 0.
This problem comes back every now and then and then disappears again. Do you know whether it is caused by hardware or software?

20.12.2011, 18:44   #53
markusg
/// Malware-holic

Run the following, then post the log:
http://ad13.geekstogo.com/MBRCheck.exe
Download it and double-click it; the log should open.

20.12.2011, 18:55   #54
hellmchen

OK, restart done. Everything seems to work, nothing hangs, the laptop runs normally.

I ran the file.
It said:
found non-standard or infected MBR

Then something came up with y or no.
I pressed y for more options.
Now I have 3 choices:
1 Dump the MBR of a physical disk to file
2 Restore the MBR of a physical disk with a standard boot code
3 EXIT

Should I do anything there?

20.12.2011, 18:57   #55
markusg
/// Malware-holic

I want to see the log first.

20.12.2011, 18:57   #56
hellmchen

How do I get that? It is in DOS mode; I did not get a text file.

20.12.2011, 18:58   #57
markusg
/// Malware-holic

It should actually open automatically; otherwise check whether one was saved in the same folder.

20.12.2011, 19:01   #58
hellmchen

No, there is nothing in the folder where the exe is. But I can type out everything that is on the DOS screen for you; it is almost nothing.

20.12.2011, 19:02   #59
hellmchen

Oops, sorry, found it. It was hidden on the desktop behind the DOS window. I will post it right away.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6530G
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 163):

Processes (total 60):
0 System Idle Process
4 System
588 C:\Windows\System32\smss.exe
664 csrss.exe
740 C:\Windows\System32\wininit.exe
752 csrss.exe
784 C:\Windows\System32\services.exe
796 C:\Windows\System32\lsass.exe
804 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\winlogon.exe
988 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\Ati2evxx.exe
1168 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\audiodg.exe
1396 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\SLsvc.exe
1464 C:\Windows\System32\svchost.exe
1556 C:\Windows\System32\Ati2evxx.exe
1664 C:\Windows\System32\svchost.exe
1776 C:\Program Files\Common Files\SPBA\upeksvr.exe
1944 C:\Windows\System32\spoolsv.exe
2004 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\agrsmsvc.exe
800 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1188 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
1456 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1048 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2084 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
2112 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
2156 C:\ACER\Mobility Center\MobilityService.exe
2208 C:\Windows\System32\rundll32.exe
2256 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2296 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2320 C:\Windows\System32\svchost.exe
2368 C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
2472 C:\Windows\System32\svchost.exe
2504 C:\Windows\System32\svchost.exe
2556 C:\Windows\System32\SearchIndexer.exe
2624 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2688 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2744 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
3044 C:\Windows\System32\taskeng.exe
3240 C:\Windows\System32\svchost.exe
2132 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1612 C:\Windows\servicing\TrustedInstaller.exe
908 C:\Windows\System32\dwm.exe
2032 C:\Windows\explorer.exe
2964 C:\Windows\System32\taskeng.exe
2312 C:\Program Files\McAfee.com\Agent\mcagent.exe
1756 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
1740 C:\Program Files\Windows Media Player\wmpnscfg.exe
2248 C:\Program Files\Windows Media Player\wmpnetwk.exe
4408 C:\Program Files\Mozilla Firefox\firefox.exe
5332 C:\Windows\System32\SearchProtocolHost.exe
5404 C:\Windows\System32\SearchFilterHost.exe
5660 C:\Users\chris\Desktop\Lieder & Videos\MBRCheck.exe
5676 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 11.0

Size    Device Name          MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0   RE: Unknown MBR code
        SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

20.12.2011, 19:18   #60
markusg
/// Malware-holic

Hi, do you have a Windows CD at hand?