Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden

mulatte56 · 27.03.2012, 10:21

Morgen,

das System läuft wie vorher auch recht gut.
Nur die Problematik mit der Startseite lässt sich ändern.

Swisstreasure · 27.03.2012, 15:35

Zitat:

Nur die Problematik mit der Startseite lässt sich ändern.

Wird immernoch die falsche angezeigt?

mulatte56 · 27.03.2012, 15:48

..... leider ja..ich habe in meinem vorherigen Post ein "nicht" einzufügen.
Nochmal: Ich kann meine Startseite nicht dauerhaft ändern.
Wenn ich den Browser offen habe, kann ich die Startseite ändern. Es erscheint im neuen Tab meine gewünschte Startseite. Jedoch beim Neuöffnen des Browsers erscheint wieder die "NatWest"-Startseite.

Swisstreasure · 27.03.2012, 18:27

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

mulatte56 · 27.03.2012, 19:52

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-27.03 - - 27.03.2012  19:51:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3000.1529 [GMT 2:00]
ausgeführt von:: c:\users\-\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\muzapp.exe
c:\windows\system32\settings.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 18:04 . 2012-03-27 18:05	--------	d-----w-	c:\users\-\AppData\Local\temp
2012-03-27 18:04 . 2012-03-27 18:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-27 17:42 . 2012-03-27 17:42	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0CC7809-1C03-4C06-852F-7561C1E7EAB5}\MpKsl32e52214.sys
2012-03-27 14:46 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0CC7809-1C03-4C06-852F-7561C1E7EAB5}\mpengine.dll
2012-03-25 20:18 . 2012-03-25 20:18	--------	d-----w-	C:\_OTL
2012-03-25 18:56 . 2012-03-25 18:56	--------	d-----w-	c:\program files\7-Zip
2012-03-25 06:48 . 2011-09-21 08:25	21992	----a-w-	c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-25 06:48 . 2012-03-25 06:48	--------	d-----w-	c:\program files\CPUID
2012-03-25 06:41 . 2012-03-25 06:41	--------	d-----w-	c:\program files\Lavalys
2012-03-25 06:29 . 2012-03-25 06:29	--------	d-----w-	c:\program files\ESET
2012-03-24 20:01 . 2012-03-24 20:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-24 20:01 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-20 18:15 . 2012-03-19 18:54	16432	----a-w-	c:\windows\system32\lsdelete.exe
2012-03-19 18:54 . 2012-03-19 18:54	101720	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2012-03-19 18:49 . 2012-03-19 18:49	--------	dc----w-	c:\windows\system32\DRVSTORE
2012-03-19 18:49 . 2011-10-28 18:35	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2012-03-19 18:49 . 2012-03-19 18:49	--------	d-----w-	c:\program files\Lavasoft
2012-03-19 18:49 . 2012-03-19 18:49	--------	d-----w-	c:\programdata\Lavasoft
2012-03-19 10:55 . 2012-03-19 10:55	--------	d-----w-	c:\programdata\WindowsSearch
2012-03-18 20:58 . 2012-03-18 20:58	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 20:58 . 2012-03-18 20:58	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 11:21 . 2012-03-17 11:58	--------	d-----w-	c:\users\-\AppData\Roaming\Notepad++
2012-03-17 11:21 . 2012-03-17 11:58	--------	d-----w-	c:\program files\Notepad++
2012-03-14 18:07 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 18:07 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 18:07 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 18:07 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 18:07 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 18:07 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 18:07 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 13:02 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 13:02 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 15:15 . 2012-03-22 06:09	--------	d-----w-	c:\users\-\AppData\Roaming\Teef
2012-03-13 15:15 . 2012-03-20 18:15	--------	d-----w-	c:\users\-\AppData\Roaming\Pyozam
2012-03-10 21:53 . 2012-03-10 21:53	--------	d-----w-	c:\program files\Common Files\Deterministic Networks
2012-03-10 21:53 . 2012-03-10 21:53	--------	d-----w-	c:\program files\Cisco Systems
2012-03-10 19:19 . 2012-03-10 19:20	--------	d-----w-	c:\program files\Paint.NET
2012-03-10 19:19 . 2012-03-25 13:12	--------	d-----w-	c:\users\-\AppData\Local\Paint.NET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2011-11-19 09:56	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-18 21:52 . 2011-05-15 17:23	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 06:28 . 2012-02-10 06:29	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1E3DFF7-3D4C-4429-8821-AE7F577FFA55}\gapaengine.dll
2012-02-01 11:02 . 2012-02-01 11:02	1179595	----a-w-	c:\windows\unins002.exe
2012-02-01 10:59 . 2010-05-09 14:30	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-01 10:57 . 2012-02-01 10:57	709719	----a-w-	c:\windows\unins001.exe
2012-02-01 10:57 . 2012-02-01 10:57	1199175	----a-w-	c:\windows\unins000.exe
2012-01-31 12:44 . 2010-12-19 13:15	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-07 16:27 . 2012-02-01 11:02	131072	----a-w-	c:\windows\system32\AiORuntimes.dll
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 20:58 . 2011-04-30 06:45	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2012-3-10 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-3-1 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL32E52214
*Deregistered* - avgntflt
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 12:28]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 12:28]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1258192166-2581353187-2348948913-1000Core.job
- c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 03:49]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1258192166-2581353187-2348948913-1000UA.job
- c:\users\-\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 03:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\-\AppData\Roaming\Mozilla\Firefox\Profiles\slobx3kk.default\
FF - prefs.js: browser.startup.homepage - n-tv.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.nwolb.com/AccountSummary.aspx
FF - user.js: browser.startup.page - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 20:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4180)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Zeit der Fertigstellung: 2012-03-27  20:16:56
ComboFix-quarantined-files.txt  2012-03-27 18:16
.
Vor Suchlauf: 13 Verzeichnis(se), 149.314.088.960 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 149.380.861.952 Bytes frei
.
- - End Of File - - 443254F4D4F7F6E127A997C69AAB4F45

--- --- ---

Swisstreasure · 27.03.2012, 20:16

Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.

Schließe alle laufenden Programme.
Trenne dich von Internet.
Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Mache während dem Scan nichts am Rechner
1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
  Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
Bitte poste mir den Inhalt hier in deinen Thread.

Bebilderte Anleitung zur Benutzung von TDSSKiller.

mulatte56 · 27.03.2012, 20:34

..erledigt.

21:24:51.0498 1696 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:24:51.0561 1696 ============================================================
21:24:51.0561 1696 Current date / time: 2012/03/27 21:24:51.0561
21:24:51.0561 1696 SystemInfo:
21:24:51.0561 1696
21:24:51.0561 1696 OS Version: 6.0.6002 ServicePack: 2.0
21:24:51.0561 1696 Product type: Workstation
21:24:51.0561 1696 ComputerName: --PC
21:24:51.0561 1696 UserName: -
21:24:51.0561 1696 Windows directory: C:\Windows
21:24:51.0561 1696 System windows directory: C:\Windows
21:24:51.0561 1696 Processor architecture: Intel x86
21:24:51.0561 1696 Number of processors: 2
21:24:51.0561 1696 Page size: 0x1000
21:24:51.0561 1696 Boot type: Normal boot
21:24:51.0561 1696 ============================================================
21:24:52.0247 1696 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:24:52.0263 1696 \Device\Harddisk0\DR0:
21:24:52.0263 1696 MBR used
21:24:52.0263 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x1B66C800
21:24:52.0278 1696 Initialize success
21:24:52.0278 1696 ============================================================
21:24:54.0103 6132 ============================================================
21:24:54.0103 6132 Scan started
21:24:54.0103 6132 Mode: Manual;
21:24:54.0103 6132 ============================================================
21:24:54.0696 6132 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:24:54.0696 6132 ACPI - ok
21:24:54.0774 6132 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:24:54.0790 6132 adp94xx - ok
21:24:54.0852 6132 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:24:54.0852 6132 adpahci - ok
21:24:54.0899 6132 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:24:54.0899 6132 adpu160m - ok
21:24:54.0946 6132 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:24:54.0961 6132 adpu320 - ok
21:24:55.0024 6132 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:24:55.0024 6132 AeLookupSvc - ok
21:24:55.0086 6132 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:24:55.0102 6132 AFD - ok
21:24:55.0133 6132 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
21:24:55.0133 6132 AgereModemAudio - ok
21:24:55.0227 6132 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
21:24:55.0258 6132 AgereSoftModem - ok
21:24:55.0336 6132 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:24:55.0336 6132 agp440 - ok
21:24:55.0398 6132 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:24:55.0398 6132 aic78xx - ok
21:24:55.0429 6132 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:24:55.0429 6132 ALG - ok
21:24:55.0461 6132 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:24:55.0461 6132 aliide - ok
21:24:55.0523 6132 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:24:55.0523 6132 amdagp - ok
21:24:55.0554 6132 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:24:55.0554 6132 amdide - ok
21:24:55.0585 6132 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:24:55.0585 6132 AmdK7 - ok
21:24:55.0663 6132 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:24:55.0663 6132 AmdK8 - ok
21:24:55.0773 6132 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:24:55.0788 6132 AntiVirSchedulerService - ok
21:24:55.0851 6132 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:24:55.0851 6132 AntiVirService - ok
21:24:55.0975 6132 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:24:55.0991 6132 Appinfo - ok
21:24:56.0069 6132 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:24:56.0069 6132 arc - ok
21:24:56.0116 6132 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:24:56.0131 6132 arcsas - ok
21:24:56.0303 6132 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:24:56.0303 6132 aspnet_state - ok
21:24:56.0428 6132 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:56.0428 6132 AsyncMac - ok
21:24:56.0521 6132 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:24:56.0521 6132 atapi - ok
21:24:56.0818 6132 athr (d59e7a5daa08c91172e95b4f1ca6d8c3) C:\Windows\system32\DRIVERS\athr.sys
21:24:56.0865 6132 athr - ok
21:24:56.0989 6132 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:24:56.0989 6132 AudioEndpointBuilder - ok
21:24:57.0005 6132 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:24:57.0005 6132 Audiosrv - ok
21:24:57.0067 6132 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:24:57.0083 6132 avgntflt - ok
21:24:57.0145 6132 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:24:57.0145 6132 avipbb - ok
21:24:57.0270 6132 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:24:57.0270 6132 b57nd60x - ok
21:24:57.0426 6132 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:24:57.0426 6132 Beep - ok
21:24:57.0535 6132 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:24:57.0535 6132 BFE - ok
21:24:57.0613 6132 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:24:57.0629 6132 BITS - ok
21:24:57.0754 6132 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:24:57.0754 6132 blbdrive - ok
21:24:57.0832 6132 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:24:57.0832 6132 bowser - ok
21:24:57.0879 6132 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:24:57.0879 6132 BrFiltLo - ok
21:24:57.0894 6132 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:24:57.0910 6132 BrFiltUp - ok
21:24:57.0941 6132 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:24:57.0941 6132 Browser - ok
21:24:57.0972 6132 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:24:57.0972 6132 Brserid - ok
21:24:58.0003 6132 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:24:58.0019 6132 BrSerWdm - ok
21:24:58.0035 6132 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:24:58.0035 6132 BrUsbMdm - ok
21:24:58.0066 6132 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:24:58.0066 6132 BrUsbSer - ok
21:24:58.0097 6132 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:24:58.0097 6132 BTHMODEM - ok
21:24:58.0175 6132 catchme - ok
21:24:58.0269 6132 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:24:58.0269 6132 cdfs - ok
21:24:58.0315 6132 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:24:58.0331 6132 cdrom - ok
21:24:58.0362 6132 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:24:58.0362 6132 CertPropSvc - ok
21:24:58.0409 6132 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:24:58.0409 6132 circlass - ok
21:24:58.0471 6132 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:24:58.0487 6132 CLFS - ok
21:24:58.0581 6132 CLHNService (2b272d0a6e5071829b516ffdc7f841ca) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
21:24:58.0581 6132 CLHNService - ok
21:24:58.0705 6132 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:24:58.0705 6132 clr_optimization_v2.0.50727_32 - ok
21:24:58.0830 6132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:24:58.0830 6132 clr_optimization_v4.0.30319_32 - ok
21:24:58.0939 6132 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:58.0939 6132 CmBatt - ok
21:24:59.0002 6132 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:24:59.0002 6132 cmdide - ok
21:24:59.0142 6132 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:24:59.0142 6132 Compbatt - ok
21:24:59.0220 6132 COMSysApp - ok
21:24:59.0329 6132 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\Windows\system32\drivers\cpuz135_x32.sys
21:24:59.0329 6132 cpuz135 - ok
21:24:59.0376 6132 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:24:59.0376 6132 crcdisk - ok
21:24:59.0439 6132 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:24:59.0439 6132 Crusoe - ok
21:24:59.0563 6132 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:24:59.0579 6132 CryptSvc - ok
21:24:59.0751 6132 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
21:24:59.0751 6132 CVirtA - ok
21:25:00.0047 6132 CVPND (30443eef52f5fb043654859eaa8e5247) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:25:00.0094 6132 CVPND - ok
21:25:00.0297 6132 CVPNDRVA (cb90b2762b1a1d0b40496400c55b6ade) C:\Windows\system32\Drivers\CVPNDRVA.sys
21:25:00.0343 6132 CVPNDRVA - ok
21:25:00.0515 6132 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:25:00.0546 6132 DcomLaunch - ok
21:25:00.0749 6132 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:25:00.0765 6132 DfsC - ok
21:25:01.0201 6132 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:25:01.0279 6132 DFSR - ok
21:25:01.0451 6132 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
21:25:01.0467 6132 DgiVecp - ok
21:25:01.0591 6132 dg_ssudbus (846517582e1ddbde54fd2fdb60b6aa3a) C:\Windows\system32\DRIVERS\ssudbus.sys
21:25:01.0591 6132 dg_ssudbus - ok
21:25:01.0654 6132 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:25:01.0654 6132 Dhcp - ok
21:25:01.0716 6132 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:25:01.0716 6132 disk - ok
21:25:01.0794 6132 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:25:01.0794 6132 DKbFltr - ok
21:25:01.0903 6132 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
21:25:01.0903 6132 DNE - ok
21:25:01.0981 6132 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:25:01.0981 6132 Dnscache - ok
21:25:02.0044 6132 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:25:02.0044 6132 dot3svc - ok
21:25:02.0091 6132 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:25:02.0091 6132 DPS - ok
21:25:02.0137 6132 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:25:02.0137 6132 drmkaud - ok
21:25:02.0200 6132 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:25:02.0215 6132 DXGKrnl - ok
21:25:02.0293 6132 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:25:02.0293 6132 E1G60 - ok
21:25:02.0371 6132 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:25:02.0387 6132 EapHost - ok
21:25:02.0434 6132 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:25:02.0449 6132 Ecache - ok
21:25:02.0527 6132 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:25:02.0527 6132 ehRecvr - ok
21:25:02.0543 6132 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:25:02.0559 6132 ehSched - ok
21:25:02.0559 6132 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:25:02.0559 6132 ehstart - ok
21:25:02.0652 6132 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:25:02.0652 6132 elxstor - ok
21:25:02.0715 6132 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:25:02.0715 6132 EMDMgmt - ok
21:25:02.0808 6132 ePowerSvc (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
21:25:02.0808 6132 ePowerSvc - ok
21:25:02.0917 6132 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:25:02.0917 6132 ErrDev - ok
21:25:02.0995 6132 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:25:02.0995 6132 EventSystem - ok
21:25:03.0089 6132 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:25:03.0105 6132 exfat - ok
21:25:03.0136 6132 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:25:03.0151 6132 fastfat - ok
21:25:03.0307 6132 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:25:03.0307 6132 fdc - ok
21:25:03.0339 6132 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:25:03.0339 6132 fdPHost - ok
21:25:03.0370 6132 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:25:03.0370 6132 FDResPub - ok
21:25:03.0385 6132 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:25:03.0385 6132 FileInfo - ok
21:25:03.0417 6132 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:25:03.0417 6132 Filetrace - ok
21:25:03.0463 6132 FlashUSB (5575ee5823de1558f8486eb4e33ffa99) C:\Windows\system32\DRIVERS\FlashUSB.sys
21:25:03.0479 6132 FlashUSB - ok
21:25:03.0526 6132 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:03.0526 6132 flpydisk - ok
21:25:03.0588 6132 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:25:03.0604 6132 FltMgr - ok
21:25:03.0853 6132 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:25:03.0900 6132 FontCache - ok
21:25:04.0056 6132 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:25:04.0056 6132 FontCache3.0.0.0 - ok
21:25:04.0181 6132 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:25:04.0181 6132 Fs_Rec - ok
21:25:04.0243 6132 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:25:04.0259 6132 gagp30kx - ok
21:25:04.0321 6132 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:25:04.0337 6132 gpsvc - ok
21:25:04.0415 6132 GPU-Z - ok
21:25:04.0555 6132 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:25:04.0555 6132 gupdate - ok
21:25:04.0571 6132 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:25:04.0571 6132 gupdatem - ok
21:25:04.0743 6132 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:25:04.0743 6132 HdAudAddService - ok
21:25:04.0867 6132 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:04.0883 6132 HDAudBus - ok
21:25:04.0930 6132 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:25:04.0930 6132 HidBth - ok
21:25:04.0961 6132 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:25:04.0961 6132 HidIr - ok
21:25:05.0008 6132 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:25:05.0023 6132 hidserv - ok
21:25:05.0055 6132 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:25:05.0055 6132 HidUsb - ok
21:25:05.0101 6132 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:25:05.0101 6132 hkmsvc - ok
21:25:05.0148 6132 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:25:05.0148 6132 HpCISSs - ok
21:25:05.0242 6132 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:25:05.0257 6132 HTTP - ok
21:25:05.0398 6132 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:25:05.0398 6132 i2omp - ok
21:25:05.0460 6132 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:05.0460 6132 i8042prt - ok
21:25:05.0507 6132 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
21:25:05.0523 6132 iaStor - ok
21:25:05.0585 6132 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:25:05.0585 6132 iaStorV - ok
21:25:05.0803 6132 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:25:05.0881 6132 idsvc - ok
21:25:06.0739 6132 igfx (37f7e45253000ac41a1f520a62d4ebe2) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:25:06.0833 6132 igfx - ok
21:25:06.0942 6132 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:25:06.0942 6132 iirsp - ok
21:25:07.0098 6132 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:25:07.0098 6132 IKEEXT - ok
21:25:07.0239 6132 IntcAzAudAddService - ok
21:25:07.0301 6132 IntcHdmiAddService (81486f0eb4238b65c317f97de246c4ac) C:\Windows\system32\drivers\IntcHdmi.sys
21:25:07.0301 6132 IntcHdmiAddService - ok
21:25:07.0332 6132 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:25:07.0348 6132 intelide - ok
21:25:07.0410 6132 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:25:07.0410 6132 intelppm - ok
21:25:07.0457 6132 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:25:07.0457 6132 IPBusEnum - ok
21:25:07.0629 6132 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:07.0629 6132 IpFilterDriver - ok
21:25:07.0707 6132 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:25:07.0722 6132 iphlpsvc - ok
21:25:07.0753 6132 IpInIp - ok
21:25:07.0816 6132 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:25:07.0816 6132 IPMIDRV - ok
21:25:08.0065 6132 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:25:08.0081 6132 IPNAT - ok
21:25:08.0206 6132 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
21:25:08.0206 6132 irda - ok
21:25:08.0237 6132 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:25:08.0237 6132 IRENUM - ok
21:25:08.0268 6132 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
21:25:08.0268 6132 Irmon - ok
21:25:08.0299 6132 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:25:08.0299 6132 isapnp - ok
21:25:08.0362 6132 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:25:08.0362 6132 iScsiPrt - ok
21:25:08.0455 6132 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:25:08.0455 6132 iteatapi - ok
21:25:08.0565 6132 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:25:08.0565 6132 iteraid - ok
21:25:08.0721 6132 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
21:25:08.0721 6132 k57nd60x - ok
21:25:08.0767 6132 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:08.0767 6132 kbdclass - ok
21:25:08.0830 6132 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:25:08.0845 6132 kbdhid - ok
21:25:08.0892 6132 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:25:08.0892 6132 KeyIso - ok
21:25:08.0955 6132 KMService (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe
21:25:08.0970 6132 KMService - ok
21:25:09.0079 6132 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:25:09.0142 6132 KSecDD - ok
21:25:09.0235 6132 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:25:09.0251 6132 KtmRm - ok
21:25:09.0298 6132 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:25:09.0298 6132 LanmanServer - ok
21:25:09.0345 6132 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:25:09.0360 6132 LanmanWorkstation - ok
21:25:09.0610 6132 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
21:25:09.0625 6132 Lavasoft Ad-Aware Service - ok
21:25:09.0688 6132 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:25:09.0688 6132 Lavasoft Kernexplorer - ok
21:25:09.0813 6132 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
21:25:09.0813 6132 Lbd - ok
21:25:09.0891 6132 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:25:09.0891 6132 lltdio - ok
21:25:10.0000 6132 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:25:10.0015 6132 lltdsvc - ok
21:25:10.0062 6132 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:25:10.0062 6132 lmhosts - ok
21:25:10.0156 6132 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:25:10.0156 6132 LSI_FC - ok
21:25:10.0327 6132 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:25:10.0327 6132 LSI_SAS - ok
21:25:10.0483 6132 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:25:10.0483 6132 LSI_SCSI - ok
21:25:10.0624 6132 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:25:10.0624 6132 luafv - ok
21:25:10.0780 6132 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:25:10.0780 6132 MBAMProtector - ok
21:25:10.0936 6132 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:25:10.0936 6132 MBAMService - ok
21:25:11.0185 6132 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:25:11.0185 6132 Mcx2Svc - ok
21:25:11.0388 6132 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:25:11.0388 6132 megasas - ok
21:25:11.0529 6132 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:25:11.0575 6132 MegaSR - ok
21:25:11.0669 6132 Microsoft SharePoint Workspace Audit Service - ok
21:25:11.0809 6132 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:25:11.0825 6132 MMCSS - ok
21:25:11.0872 6132 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:25:11.0872 6132 Modem - ok
21:25:11.0903 6132 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:25:11.0903 6132 monitor - ok
21:25:11.0934 6132 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:25:11.0934 6132 mouclass - ok
21:25:11.0965 6132 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:25:11.0965 6132 mouhid - ok
21:25:11.0997 6132 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:25:11.0997 6132 MountMgr - ok
21:25:12.0059 6132 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:25:12.0075 6132 MpFilter - ok
21:25:12.0106 6132 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:25:12.0121 6132 mpio - ok
21:25:12.0168 6132 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:25:12.0184 6132 MpNWMon - ok
21:25:12.0231 6132 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:25:12.0231 6132 mpsdrv - ok
21:25:12.0324 6132 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:25:12.0355 6132 MpsSvc - ok
21:25:12.0465 6132 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:25:12.0465 6132 Mraid35x - ok
21:25:12.0511 6132 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:25:12.0527 6132 MRxDAV - ok
21:25:12.0574 6132 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:12.0574 6132 mrxsmb - ok
21:25:12.0621 6132 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:12.0621 6132 mrxsmb10 - ok
21:25:12.0652 6132 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:12.0667 6132 mrxsmb20 - ok
21:25:12.0730 6132 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:25:12.0730 6132 msahci - ok
21:25:12.0792 6132 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:25:12.0792 6132 msdsm - ok
21:25:12.0839 6132 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:25:12.0855 6132 MSDTC - ok
21:25:12.0886 6132 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:25:12.0886 6132 Msfs - ok
21:25:12.0917 6132 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:25:12.0917 6132 msisadrv - ok
21:25:12.0964 6132 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:25:12.0964 6132 MSiSCSI - ok
21:25:12.0979 6132 msiserver - ok
21:25:13.0057 6132 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:25:13.0057 6132 MSKSSRV - ok
21:25:13.0198 6132 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:25:13.0198 6132 MsMpSvc - ok
21:25:13.0354 6132 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:13.0354 6132 MSPCLOCK - ok
21:25:13.0557 6132 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:25:13.0572 6132 MSPQM - ok
21:25:13.0666 6132 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:25:13.0666 6132 MsRPC - ok
21:25:13.0697 6132 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:13.0697 6132 mssmbios - ok
21:25:13.0728 6132 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:25:13.0728 6132 MSTEE - ok
21:25:13.0775 6132 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:25:13.0775 6132 Mup - ok
21:25:13.0806 6132 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:25:13.0806 6132 mwlPSDFilter - ok
21:25:13.0822 6132 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:25:13.0822 6132 mwlPSDNServ - ok
21:25:13.0869 6132 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:25:13.0869 6132 mwlPSDVDisk - ok
21:25:13.0993 6132 MWLService (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
21:25:13.0993 6132 MWLService - ok
21:25:14.0040 6132 MySQL55 - ok
21:25:14.0181 6132 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:25:14.0196 6132 napagent - ok
21:25:14.0305 6132 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:25:14.0321 6132 NativeWifiP - ok
21:25:14.0493 6132 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:25:14.0493 6132 NDIS - ok
21:25:14.0586 6132 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:14.0586 6132 NdisTapi - ok
21:25:14.0617 6132 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:14.0617 6132 Ndisuio - ok
21:25:14.0695 6132 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:14.0695 6132 NdisWan - ok
21:25:14.0758 6132 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:25:14.0773 6132 NDProxy - ok
21:25:14.0789 6132 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:25:14.0789 6132 NetBIOS - ok
21:25:14.0851 6132 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:25:14.0851 6132 netbt - ok
21:25:14.0961 6132 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:25:14.0961 6132 Netlogon - ok
21:25:15.0023 6132 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:25:15.0039 6132 Netman - ok
21:25:15.0070 6132 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:25:15.0070 6132 netprofm - ok
21:25:15.0148 6132 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:15.0148 6132 NetTcpPortSharing - ok
21:25:15.0226 6132 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:25:15.0226 6132 nfrd960 - ok
21:25:15.0304 6132 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:25:15.0304 6132 NisDrv - ok
21:25:15.0413 6132 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:25:15.0429 6132 NisSrv - ok
21:25:15.0507 6132 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:25:15.0522 6132 NlaSvc - ok
21:25:15.0569 6132 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:25:15.0569 6132 Npfs - ok
21:25:15.0631 6132 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
21:25:15.0631 6132 NSCIRDA - ok
21:25:15.0725 6132 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:25:15.0725 6132 nsi - ok
21:25:15.0772 6132 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:25:15.0787 6132 nsiproxy - ok
21:25:15.0943 6132 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:25:16.0037 6132 Ntfs - ok
21:25:16.0115 6132 NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
21:25:16.0131 6132 NTI IScheduleSvc - ok
21:25:16.0177 6132 NTIBackupSvc (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
21:25:16.0177 6132 NTIBackupSvc - ok
21:25:16.0302 6132 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
21:25:16.0302 6132 NTIDrvr - ok
21:25:16.0380 6132 NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
21:25:16.0380 6132 NTISchedulerSvc - ok
21:25:16.0567 6132 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:25:16.0583 6132 ntrigdigi - ok
21:25:16.0708 6132 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:25:16.0708 6132 Null - ok
21:25:16.0755 6132 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:25:16.0755 6132 nvraid - ok
21:25:16.0801 6132 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:25:16.0801 6132 nvstor - ok
21:25:16.0833 6132 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:25:16.0833 6132 nv_agp - ok
21:25:16.0848 6132 NwlnkFlt - ok
21:25:16.0864 6132 NwlnkFwd - ok
21:25:16.0911 6132 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:25:16.0911 6132 ohci1394 - ok
21:25:17.0020 6132 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:25:17.0020 6132 ose - ok
21:25:17.0394 6132 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:25:17.0457 6132 osppsvc - ok
21:25:17.0581 6132 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:25:17.0628 6132 p2pimsvc - ok
21:25:17.0644 6132 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:25:17.0659 6132 p2psvc - ok
21:25:17.0753 6132 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:25:17.0769 6132 Parport - ok
21:25:17.0847 6132 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:25:17.0862 6132 partmgr - ok
21:25:17.0909 6132 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:25:17.0909 6132 Parvdm - ok
21:25:17.0956 6132 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:25:17.0971 6132 PcaSvc - ok
21:25:18.0018 6132 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:25:18.0034 6132 pci - ok
21:25:18.0081 6132 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:25:18.0081 6132 pciide - ok
21:25:18.0159 6132 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
21:25:18.0159 6132 pcmcia - ok
21:25:18.0299 6132 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:25:18.0377 6132 PEAUTH - ok
21:25:18.0595 6132 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:25:18.0642 6132 pla - ok
21:25:18.0751 6132 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:25:18.0751 6132 PlugPlay - ok
21:25:18.0814 6132 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:25:18.0829 6132 PNRPAutoReg - ok
21:25:18.0876 6132 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:25:18.0892 6132 PNRPsvc - ok
21:25:19.0001 6132 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:25:19.0001 6132 PolicyAgent - ok
21:25:19.0079 6132 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:25:19.0079 6132 PptpMiniport - ok
21:25:19.0126 6132 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:25:19.0141 6132 Processor - ok
21:25:19.0188 6132 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:25:19.0188 6132 ProfSvc - ok
21:25:19.0219 6132 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:25:19.0235 6132 ProtectedStorage - ok
21:25:19.0313 6132 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:25:19.0313 6132 PSched - ok
21:25:19.0453 6132 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:25:19.0531 6132 ql2300 - ok
21:25:19.0641 6132 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:25:19.0641 6132 ql40xx - ok
21:25:19.0765 6132 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:25:19.0765 6132 QWAVE - ok
21:25:19.0875 6132 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:25:19.0875 6132 QWAVEdrv - ok
21:25:19.0968 6132 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:25:19.0968 6132 RasAcd - ok
21:25:20.0046 6132 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:25:20.0046 6132 RasAuto - ok
21:25:20.0109 6132 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:25:20.0109 6132 Rasl2tp - ok
21:25:20.0155 6132 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:25:20.0171 6132 RasMan - ok
21:25:20.0218 6132 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:25:20.0218 6132 RasPppoe - ok
21:25:20.0249 6132 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:25:20.0249 6132 RasSstp - ok
21:25:20.0296 6132 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:25:20.0311 6132 rdbss - ok
21:25:20.0405 6132 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:25:20.0405 6132 RDPCDD - ok
21:25:20.0483 6132 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:25:20.0483 6132 rdpdr - ok
21:25:20.0545 6132 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:25:20.0545 6132 RDPENCDD - ok
21:25:20.0639 6132 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:25:20.0639 6132 RDPWD - ok
21:25:20.0686 6132 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:25:20.0686 6132 RemoteAccess - ok
21:25:20.0733 6132 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:25:20.0748 6132 RemoteRegistry - ok
21:25:20.0811 6132 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
21:25:20.0811 6132 RimUsb - ok
21:25:20.0873 6132 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
21:25:20.0873 6132 RimVSerPort - ok
21:25:20.0935 6132 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
21:25:20.0951 6132 ROOTMODEM - ok
21:25:20.0998 6132 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:25:20.0998 6132 RpcLocator - ok
21:25:21.0076 6132 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:25:21.0091 6132 RpcSs - ok
21:25:21.0154 6132 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:25:21.0154 6132 rspndr - ok
21:25:21.0185 6132 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
21:25:21.0216 6132 RTSTOR - ok
21:25:21.0247 6132 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:25:21.0247 6132 SamSs - ok
21:25:21.0325 6132 Samsung UPD Service (bd26a150dc292913e48ee2b950372dfd) C:\Windows\System32\SUPDSvc.exe
21:25:21.0341 6132 Samsung UPD Service - ok
21:25:21.0388 6132 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:25:21.0388 6132 sbp2port - ok
21:25:21.0637 6132 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
21:25:21.0653 6132 SBSDWSCService - ok
21:25:21.0871 6132 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:25:21.0887 6132 SCardSvr - ok
21:25:22.0074 6132 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:25:22.0090 6132 Schedule - ok
21:25:22.0339 6132 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:25:22.0339 6132 SCPolicySvc - ok
21:25:22.0589 6132 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
21:25:22.0589 6132 sdbus - ok
21:25:22.0870 6132 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:25:22.0885 6132 SDRSVC - ok
21:25:23.0182 6132 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:25:23.0197 6132 secdrv - ok
21:25:23.0307 6132 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:25:23.0307 6132 seclogon - ok
21:25:23.0369 6132 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:25:23.0369 6132 SENS - ok
21:25:23.0463 6132 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:25:23.0463 6132 Serenum - ok
21:25:23.0759 6132 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:25:23.0775 6132 Serial - ok
21:25:24.0180 6132 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:25:24.0180 6132 sermouse - ok
21:25:24.0305 6132 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:25:24.0321 6132 SessionEnv - ok
21:25:24.0383 6132 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:25:24.0383 6132 sffdisk - ok
21:25:24.0430 6132 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:25:24.0445 6132 sffp_mmc - ok
21:25:24.0633 6132 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:25:24.0633 6132 sffp_sd - ok
21:25:24.0695 6132 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:25:24.0695 6132 sfloppy - ok
21:25:24.0742 6132 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:25:24.0789 6132 SharedAccess - ok
21:25:24.0835 6132 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:25:24.0835 6132 ShellHWDetection - ok
21:25:24.0898 6132 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:25:24.0898 6132 sisagp - ok
21:25:24.0960 6132 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:25:24.0960 6132 SiSRaid2 - ok
21:25:25.0038 6132 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:25:25.0038 6132 SiSRaid4 - ok
21:25:25.0179 6132 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:25:25.0225 6132 slsvc - ok
21:25:25.0319 6132 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:25:25.0319 6132 SLUINotify - ok
21:25:25.0381 6132 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:25:25.0381 6132 Smb - ok
21:25:25.0459 6132 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:25:25.0459 6132 SNMPTRAP - ok
21:25:25.0522 6132 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:25:25.0522 6132 spldr - ok
21:25:25.0584 6132 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:25:25.0600 6132 Spooler - ok
21:25:25.0662 6132 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:25:25.0693 6132 srv - ok
21:25:25.0818 6132 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:25:25.0818 6132 srv2 - ok
21:25:25.0865 6132 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:25:25.0865 6132 srvnet - ok
21:25:25.0896 6132 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:25:25.0912 6132 SSDPSRV - ok
21:25:25.0959 6132 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:25:25.0974 6132 ssmdrv - ok
21:25:26.0021 6132 ssm_bus (9ece19a1a4f4896597c3bb840fbfa721) C:\Windows\system32\DRIVERS\ssm_bus.sys
21:25:26.0021 6132 ssm_bus - ok
21:25:26.0068 6132 ssm_mdfl (8e93a17a5253999a0e7c332f475699dc) C:\Windows\system32\DRIVERS\ssm_mdfl.sys
21:25:26.0068 6132 ssm_mdfl - ok
21:25:26.0115 6132 ssm_mdm (c0ba1357c63deacf3b3ccf4b989fef06) C:\Windows\system32\DRIVERS\ssm_mdm.sys
21:25:26.0115 6132 ssm_mdm - ok
21:25:26.0193 6132 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
21:25:26.0193 6132 SSPORT - ok
21:25:26.0239 6132 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:25:26.0239 6132 SstpSvc - ok
21:25:26.0333 6132 ssudmdm (a96126953bb5cbf83c5a8cd101a4ec23) C:\Windows\system32\DRIVERS\ssudmdm.sys
21:25:26.0333 6132 ssudmdm - ok
21:25:26.0395 6132 ssudserd (5db8f3b7de33e5b211d858efc76d50ed) C:\Windows\system32\DRIVERS\ssudserd.sys
21:25:26.0395 6132 ssudserd - ok
21:25:26.0536 6132 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:25:26.0551 6132 stisvc - ok
21:25:26.0692 6132 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:25:26.0692 6132 swenum - ok
21:25:26.0770 6132 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:25:26.0785 6132 swprv - ok
21:25:26.0832 6132 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:25:26.0832 6132 Symc8xx - ok
21:25:26.0863 6132 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:25:26.0863 6132 Sym_hi - ok
21:25:26.0879 6132 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:25:26.0879 6132 Sym_u3 - ok
21:25:26.0926 6132 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
21:25:26.0941 6132 SynTP - ok
21:25:27.0082 6132 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:25:27.0113 6132 SysMain - ok
21:25:27.0300 6132 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:25:27.0316 6132 TabletInputService - ok
21:25:27.0409 6132 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:25:27.0425 6132 TapiSrv - ok
21:25:27.0456 6132 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:25:27.0456 6132 TBS - ok
21:25:27.0597 6132 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
21:25:27.0643 6132 Tcpip - ok
21:25:27.0877 6132 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
21:25:27.0893 6132 Tcpip6 - ok
21:25:28.0018 6132 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
21:25:28.0018 6132 tcpipreg - ok
21:25:28.0080 6132 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:25:28.0080 6132 TDPIPE - ok
21:25:28.0096 6132 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:25:28.0111 6132 TDTCP - ok
21:25:28.0143 6132 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:25:28.0143 6132 tdx - ok
21:25:28.0205 6132 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:25:28.0205 6132 TermDD - ok
21:25:28.0252 6132 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:25:28.0283 6132 TermService - ok
21:25:28.0345 6132 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:25:28.0345 6132 Themes - ok
21:25:28.0470 6132 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:25:28.0470 6132 THREADORDER - ok
21:25:28.0657 6132 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:25:28.0673 6132 TrkWks - ok
21:25:28.0813 6132 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:25:28.0813 6132 TrustedInstaller - ok
21:25:29.0079 6132 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:29.0079 6132 tssecsrv - ok
21:25:29.0297 6132 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:25:29.0391 6132 tunmp - ok
21:25:29.0547 6132 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:25:29.0547 6132 tunnel - ok
21:25:29.0734 6132 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:25:29.0734 6132 uagp35 - ok
21:25:29.0890 6132 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
21:25:29.0890 6132 UBHelper - ok
21:25:30.0061 6132 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:25:30.0108 6132 udfs - ok
21:25:30.0327 6132 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:25:30.0327 6132 UI0Detect - ok
21:25:30.0592 6132 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:25:30.0607 6132 uliagpkx - ok
21:25:30.0888 6132 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:25:30.0888 6132 uliahci - ok
21:25:31.0107 6132 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:25:31.0107 6132 UlSata - ok
21:25:31.0372 6132 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:25:31.0372 6132 ulsata2 - ok
21:25:31.0512 6132 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:25:31.0512 6132 umbus - ok
21:25:31.0621 6132 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:25:31.0637 6132 upnphost - ok
21:25:31.0809 6132 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:31.0824 6132 usbccgp - ok
21:25:31.0980 6132 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:25:31.0980 6132 usbcir - ok
21:25:32.0089 6132 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:25:32.0089 6132 usbehci - ok
21:25:32.0136 6132 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:25:32.0136 6132 usbhub - ok
21:25:32.0167 6132 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:25:32.0167 6132 usbohci - ok
21:25:32.0199 6132 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:25:32.0214 6132 usbprint - ok
21:25:32.0245 6132 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:25:32.0245 6132 usbscan - ok
21:25:32.0277 6132 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:32.0292 6132 USBSTOR - ok
21:25:32.0308 6132 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:25:32.0308 6132 usbuhci - ok
21:25:32.0355 6132 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:25:32.0370 6132 usbvideo - ok
21:25:32.0386 6132 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:25:32.0386 6132 UxSms - ok
21:25:32.0464 6132 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:25:32.0495 6132 vds - ok
21:25:32.0542 6132 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:32.0557 6132 vga - ok
21:25:32.0604 6132 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:25:32.0604 6132 VgaSave - ok
21:25:32.0635 6132 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:25:32.0635 6132 viaagp - ok
21:25:32.0698 6132 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:25:32.0698 6132 ViaC7 - ok
21:25:32.0713 6132 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:25:32.0713 6132 viaide - ok
21:25:32.0745 6132 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:25:32.0745 6132 volmgr - ok
21:25:32.0791 6132 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:25:32.0807 6132 volmgrx - ok
21:25:32.0854 6132 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:25:32.0854 6132 volsnap - ok
21:25:33.0010 6132 vpnagent (1ca935adf4353a6e27c4affa2e2708c5) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
21:25:33.0025 6132 vpnagent - ok
21:25:33.0228 6132 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
21:25:33.0244 6132 vpnva - ok
21:25:33.0400 6132 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:25:33.0400 6132 vsmraid - ok
21:25:33.0587 6132 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:25:33.0649 6132 VSS - ok
21:25:33.0696 6132 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:25:33.0727 6132 W32Time - ok
21:25:33.0790 6132 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:25:33.0790 6132 WacomPen - ok
21:25:33.0837 6132 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:33.0852 6132 Wanarp - ok
21:25:33.0852 6132 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:25:33.0852 6132 Wanarpv6 - ok
21:25:33.0946 6132 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:25:33.0946 6132 wcncsvc - ok
21:25:33.0977 6132 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:25:33.0993 6132 WcsPlugInService - ok
21:25:34.0117 6132 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:25:34.0133 6132 Wd - ok
21:25:34.0242 6132 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:25:34.0289 6132 Wdf01000 - ok
21:25:34.0492 6132 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:25:34.0492 6132 WdiServiceHost - ok
21:25:34.0507 6132 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:25:34.0507 6132 WdiSystemHost - ok
21:25:34.0617 6132 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:25:34.0632 6132 WebClient - ok
21:25:34.0788 6132 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:25:34.0804 6132 Wecsvc - ok
21:25:34.0944 6132 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:25:34.0960 6132 wercplsupport - ok
21:25:35.0085 6132 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:25:35.0085 6132 WerSvc - ok
21:25:35.0163 6132 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:25:35.0163 6132 WinDefend - ok
21:25:35.0178 6132 WinHttpAutoProxySvc - ok
21:25:35.0303 6132 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:25:35.0303 6132 Winmgmt - ok
21:25:35.0475 6132 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:25:35.0537 6132 WinRM - ok
21:25:35.0693 6132 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:25:35.0724 6132 Wlansvc - ok
21:25:35.0771 6132 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:25:35.0771 6132 WmiAcpi - ok
21:25:35.0896 6132 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:25:35.0896 6132 wmiApSrv - ok
21:25:36.0021 6132 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:25:36.0036 6132 WMPNetworkSvc - ok
21:25:36.0130 6132 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:25:36.0145 6132 WPCSvc - ok
21:25:36.0208 6132 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:25:36.0223 6132 WPDBusEnum - ok
21:25:36.0333 6132 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:25:36.0333 6132 WpdUsb - ok
21:25:36.0535 6132 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:25:36.0551 6132 WPFFontCache_v0400 - ok
21:25:36.0691 6132 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:25:36.0691 6132 ws2ifsl - ok
21:25:36.0785 6132 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:25:36.0785 6132 wscsvc - ok
21:25:36.0816 6132 WSearch - ok
21:25:37.0003 6132 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:25:37.0097 6132 wuauserv - ok
21:25:37.0284 6132 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:37.0300 6132 WUDFRd - ok
21:25:37.0347 6132 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:25:37.0347 6132 wudfsvc - ok
21:25:37.0440 6132 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:25:37.0518 6132 \Device\Harddisk0\DR0 - ok
21:25:37.0518 6132 Boot (0x1200) (6c05b17a625fb05b91208a589186cbbd) \Device\Harddisk0\DR0\Partition0
21:25:37.0518 6132 \Device\Harddisk0\DR0\Partition0 - ok
21:25:37.0518 6132 ============================================================
21:25:37.0518 6132 Scan finished
21:25:37.0518 6132 ============================================================
21:25:37.0534 5212 Detected object count: 0
21:25:37.0534 5212 Actual detected object count: 0
21:26:08.0874 0420 Deinitialize success

Swisstreasure · 28.03.2012, 19:00

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

mulatte56 · 29.03.2012, 09:56

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.03.2012 10:40:20 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\-\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 53,48% Memory free
6,08 Gb Paging File | 4,52 Gb Available in Paging File | 74,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,21 Gb Total Space | 140,09 Gb Free Space | 63,91% Space Free | Partition Type: NTFS
 
Computer Name: --PC | User Name: - | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 10:39:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\-\Desktop\OTL.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.13 22:57:18 | 008,155,648 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2011.06.28 14:22:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.06.15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 23:13:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.30 19:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.21 20:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.06.25 03:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.27 21:01:24 | 000,055,816 | ---- | M] () -- C:\Users\-\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MOD - [2012.02.25 04:14:49 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
MOD - [2012.02.25 04:11:35 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll
MOD - [2012.02.25 04:11:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012.02.25 04:06:52 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
MOD - [2012.02.25 04:06:16 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
MOD - [2012.02.25 04:06:14 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012.02.25 04:05:53 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MOD - [2012.02.25 04:05:38 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012.02.25 04:05:33 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012.02.25 04:05:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
MOD - [2012.02.25 04:05:26 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012.02.25 04:05:15 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011.12.01 00:32:20 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.12.01 00:32:20 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.10.14 03:31:12 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.06.24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.06 16:12:32 | 000,610,304 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\spd__du.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.28 20:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.13 22:57:18 | 008,155,648 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV - [2011.06.28 14:22:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 23:13:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.10.21 20:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.08.09 04:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Users\-\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\-\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.28 20:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011.09.21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011.06.28 14:22:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 14:22:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Unknown] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.16 11:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV - [2011.06.16 11:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.06.16 11:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.04.27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.12.21 07:55:02 | 000,132,608 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2010.12.21 07:55:02 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2010.12.21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.05.06 03:46:36 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.03.15 08:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.06.09 04:18:16 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.10 19:34:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F64EFC9-9504-4C85-9579-0E56D9DB0BA0}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.nwolb.com/AccountSummary.aspx"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1fc895a6-2042-46ec-a61b-233165b4c218}:1.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
 
FF - user.js..browser.startup.homepage: "https://www.nwolb.com/AccountSummary.aspx"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\-\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\-\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 12:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 22:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 08:45:24 | 000,000,000 | ---D | M]
 
[2010.10.06 16:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Extensions
[2010.10.06 16:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.02.14 21:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\slobx3kk.default\extensions
[2010.05.09 08:43:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\slobx3kk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.14 21:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\slobx3kk.default\extensions\staged
[2010.11.10 14:05:54 | 000,002,322 | ---- | M] () -- C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\slobx3kk.default\searchplugins\sport1de.xml
[2012.03.26 22:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.01 21:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLOBX3KK.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
() (No name found) -- C:\USERS\-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLOBX3KK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\-\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLOBX3KK.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.18 22:58:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.01 12:59:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 07:01:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 07:01:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 07:01:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 07:01:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 07:01:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 07:01:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\-\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\-\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\-\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AdBlock = C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.9_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2012.03.27 20:04:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD57ED0F-7583-4B44-809E-4ECD2686BC72}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 10:39:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\-\Desktop\OTL.exe
[2012.03.27 20:17:17 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Local\temp
[2012.03.27 20:14:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.27 19:47:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.27 19:47:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.27 19:47:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.25 22:18:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.25 22:00:31 | 000,000,000 | ---D | C] -- C:\Users\-\Desktop\Neustart
[2012.03.25 21:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.03.25 21:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.03.25 20:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.25 20:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.25 16:57:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.03.25 15:55:45 | 000,000,000 | ---D | C] -- C:\Users\-\Desktop\eBay
[2012.03.25 08:48:39 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2012.03.25 08:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.03.25 08:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.03.25 08:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.03.25 08:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2012.03.25 08:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.25 00:51:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.25 00:50:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.24 22:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.24 22:01:22 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.24 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 22:15:30 | 000,000,000 | ---D | C] -- C:\Users\-\Desktop\Anrechnung
[2012.03.19 20:54:19 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012.03.19 20:49:32 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2012.03.19 20:49:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.03.19 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012.03.19 20:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012.03.19 20:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.03.19 17:04:50 | 000,000,000 | ---D | C] -- C:\Users\-\Desktop\Rechnungsjournal_2012
[2012.03.19 12:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.03.18 18:58:08 | 000,000,000 | ---D | C] -- C:\Users\-\Desktop\HHN
[2012.03.17 13:21:44 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Roaming\Notepad++
[2012.03.17 13:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.03.13 17:15:07 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Roaming\Teef
[2012.03.13 17:15:07 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Roaming\Pyozam
[2012.03.10 23:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2012.03.10 23:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012.03.10 23:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2012.03.10 21:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.03.10 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Local\Paint.NET
[2 C:\Users\-\Desktop\*.tmp files -> C:\Users\-\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 10:39:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\-\Desktop\OTL.exe
[2012.03.29 10:32:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.29 10:09:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1258192166-2581353187-2348948913-1000UA.job
[2012.03.29 08:49:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 08:49:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 04:49:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.28 22:32:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.28 20:49:15 | 000,797,922 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.28 20:49:15 | 000,656,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.28 20:49:15 | 000,183,940 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.28 20:49:15 | 000,156,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.28 20:09:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1258192166-2581353187-2348948913-1000Core.job
[2012.03.27 20:04:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.26 19:55:47 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.03.26 19:55:47 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.03.25 22:02:03 | 000,000,000 | ---- | M] () -- C:\Users\-\Documents\21
[2012.03.25 21:56:15 | 000,001,802 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.03.19 20:54:19 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012.03.19 20:54:17 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2012.03.17 17:21:03 | 000,006,431 | ---- | M] () -- C:\Users\-\.recently-used.xbel
[2012.03.16 08:15:40 | 000,007,052 | ---- | M] () -- C:\Users\-\AppData\Local\d3d9caps.dat
[2012.03.15 04:29:34 | 000,423,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.10 23:55:37 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.03.10 23:53:55 | 000,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012.03.10 21:20:36 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2 C:\Users\-\Desktop\*.tmp files -> C:\Users\-\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.27 19:47:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.27 19:47:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.27 19:47:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.27 19:47:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.27 19:47:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.25 22:02:03 | 000,000,000 | ---- | C] () -- C:\Users\-\Documents\21
[2012.03.25 21:56:10 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012.03.22 21:16:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012.03.22 21:16:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012.03.20 20:15:15 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012.03.17 17:21:03 | 000,006,431 | ---- | C] () -- C:\Users\-\.recently-used.xbel
[2012.03.10 23:53:55 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012.03.10 23:53:33 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012.03.10 21:20:36 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.03.10 21:20:36 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012.02.01 17:21:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012.02.01 13:02:56 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2012.02.01 13:02:25 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2012.02.01 13:02:19 | 001,179,595 | ---- | C] () -- C:\Windows\unins002.exe
[2012.02.01 13:02:19 | 000,010,740 | ---- | C] () -- C:\Windows\unins002.dat
[2012.02.01 12:57:48 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2012.02.01 12:57:48 | 000,007,950 | ---- | C] () -- C:\Windows\unins001.dat
[2012.02.01 12:57:09 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2012.02.01 12:57:09 | 000,011,905 | ---- | C] () -- C:\Windows\unins000.dat
[2012.01.19 22:16:48 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.09.14 08:16:17 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2011.08.27 21:23:58 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011.08.27 21:23:57 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011.08.27 21:23:57 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.08.27 21:23:57 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.06.03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.01.01 10:36:21 | 000,090,416 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.08.16 21:58:49 | 000,007,168 | ---- | C] () -- C:\Users\-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 17:46:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.28 21:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.07.28 21:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.07.28 21:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.07.28 20:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.05.06 22:17:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.06 22:17:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.04 10:42:52 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.05.04 10:42:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2010.05.04 09:22:57 | 000,007,052 | ---- | C] () -- C:\Users\-\AppData\Local\d3d9caps.dat
[2010.04.30 03:42:34 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2010.04.30 03:28:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2010.04.30 03:28:38 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.04.30 03:28:37 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2010.04.29 19:02:39 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010.04.29 19:02:39 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.04.29 19:02:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2010.04.29 19:09:58 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Acer GameZone Console
[2010.09.04 09:58:42 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\AquaSoft
[2010.12.18 15:35:52 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\AVG
[2010.12.18 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\AVG10
[2011.02.13 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\DAEMON Tools Lite
[2011.09.13 05:22:50 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\elsterformular
[2012.03.10 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\gtk-2.0
[2011.05.30 21:38:16 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\inkscape
[2012.01.11 22:54:22 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\IrfanView
[2012.01.30 18:24:09 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Lexware
[2012.01.19 22:26:15 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\MySQL
[2012.03.17 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Notepad++
[2010.05.04 09:45:34 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\NVD
[2010.05.17 22:13:31 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\OpenOffice.org
[2010.05.03 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\PowerCinema
[2012.03.20 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Pyozam
[2011.02.22 22:06:27 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Research In Motion
[2011.06.30 10:10:28 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Samsung
[2010.10.22 18:33:41 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\SoftGrid Client
[2012.03.22 08:09:33 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\Teef
[2011.02.22 23:50:00 | 000,000,000 | ---D | M] -- C:\Users\-\AppData\Roaming\TP
[2012.03.27 21:27:40 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.27 20:14:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.04.29 19:07:33 | 000,000,000 | ---D | M] -- C:\Acer
[2011.08.07 18:53:30 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.18 15:28:17 | 000,000,000 | ---D | M] -- C:\Book
[2010.05.10 10:19:02 | 000,000,000 | ---D | M] -- C:\Boot
[2010.05.03 16:09:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.03 16:16:11 | 000,000,000 | ---D | M] -- C:\Elements
[2011.05.08 11:52:51 | 000,000,000 | ---D | M] -- C:\Intel
[2009.02.25 04:24:55 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.26 22:48:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.28 21:10:02 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.05.03 16:09:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.27 20:17:22 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.03.29 10:44:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.04 10:41:17 | 000,000,000 | ---D | M] -- C:\Temp
[2010.05.03 16:12:43 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.27 20:57:29 | 000,000,000 | ---D | M] -- C:\Windows
[2012.03.22 17:30:31 | 000,000,000 | ---D | M] -- C:\xampp
[2012.03.25 22:18:21 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2010.04.30 03:33:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.04.30 03:33:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.04.30 03:33:48 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010.04.30 03:33:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 02:11:30

< End of report >

--- --- ---

Swisstreasure · 29.03.2012, 20:53

Ist das Problem noch vorhanden mit der Startseite?

mulatte56 · 29.03.2012, 21:01

hi,

leider ja. ich habe mal spaßeshalber Malwarebytes durchlaufen lassen und es wurde keine Bedrohungen gefunden.

Hi,

habe Firefox nun komplett gelöscht und wieder installiert. Das Startseitenproblem ist verschwunden.
Da Malwarebytes u. a. Virenprogramme keine Bedrohungen oder Viren entdeckt haben, kann ich davon ausgehen, dass mein System wieder virenfrei ist?

MfG

m. 56

Swisstreasure · 30.03.2012, 19:42

Schritt 1

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Schritt 2

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

mulatte56 · 02.04.2012, 09:50

Hi,

alles erledigt. Alles wieder clean.
Vielen, vielen Dank!!
Hast mir sehr geholfen.
Alles Gute!

m. 56

Swisstreasure · 02.04.2012, 10:13

Gern geschehen

Viel Spass.

29.03.2012, 20:53	#25
Swisstreasure /// Malwareteam	Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden Ist das Problem noch vorhanden mit der Startseite?

02.04.2012, 10:13	#29
Swisstreasure /// Malwareteam	Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden Gern geschehen Viel Spass.

Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden

Log-Analyse und Auswertung: Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden