|
Plagegeister aller Art und deren Bekämpfung: Problem mit SearchquWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.05.2012, 15:55 | #1 |
| Problem mit Searchqu Hallo an alle, ich habe das gleiche Problem wie bereits einige andere User vor mir, nämlich habe ich ungewollt searchqu als Startseite und auch als Suchmaschine in der Browser-Adressleiste eingestellt. Sorry, dass ich ein neues Thema erstelle und das Forum damit zuspamme, aber das scheint hier ja sogar erwünscht zu sein Mein Virenscanner erkennt keinen Virus auf dem Rechner, auch wenn ich schon auf verschiedenen Seiten gelesen habe, dass es sich bei searchqu um einen Trojaner handeln soll. Ich habe nicht das übliche Proggi Ilivid installiert und habe auch keinen derartigen Ordner in meinen Programmfiles, finde es bei der Suche und auch in der Systemsteuerung unter Programme nicht; ich habe allerdings einen Ordner c:\program files\windows searchqu toolbar. Deinstalliert habe ich jetzt erstmal noch nichts. Ich habe einen OTL-Check durchgeführt, die logs findet ihr im Anhang. Vielen Dank im Voraus für eure Hilfe! |
21.05.2012, 19:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
22.05.2012, 22:20 | #3 |
| Problem mit Searchqu Hey Arne und hey Rest-Board
__________________erstmal danke ich dir für deine schnelle und nette Antwort! Mein Problem ist nun, dass ich meinen Firefox nicht mehr verwenden kann, um mir das Antivirenprogramm runterzuladen. Starte ich meinen Browser, hängt sich das Programm und mein gesamtes System gleich mit auf. Ich habe zur Vorsicht mal in der Systemsteuerung die Wlan-Karte deaktiviert, um aus- und eingehenden Datenverkehr komplett zu unterbinden, keine Ahnung, ob das so klug ist. Ich lade mir gerade bei einem Nachbarn Malwarebytes runter und werde sobald wie möglich einen Scan ausführen. Dazu werd ich natürlich meine Wlan-Karte wieder aktivieren, um das Update auszuführen, falls jetzt niemand ausdrücklich das Gegenteil empfiehlt. Keine Ahnung, was genau mit meinem Rechner los ist, aber ich bin auf jeden Fall an der Sache dran. Danke nochmals für die Hilfe, Maurice Das größere Problem, fällt mir gerade auf, ist natürlich der ESET-Online-Check, den ich leider nicht ausführen kann, wenn mein Browser nicht funktioniert.... |
23.05.2012, 09:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
23.05.2012, 16:58 | #5 |
| Problem mit Searchqu So. Im abgesicherten Modus hat natürlich alles wieder prächtig funktioniert. Danke für den Tipp. Hier ist die log-file vom ersten Scan, also Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.21.04 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 MCDB MOBIL :: MCDB-MOBIL [Administrator] Schutz: Deaktiviert 23.05.2012 14:01:02 mbam-log-2012-05-23 (16-12-35).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 393785 Laufzeit: 1 Stunde(n), 17 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Keine Aktion durchgeführt. HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Keine Aktion durchgeführt. HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt. HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Der ESET-Scan läuft, und zwar schon seit knapp 2 Stunden. Scheint etwas länger zu dauern; die Scan-Ergebnisse kommen, sobald er fertig ist. |
23.05.2012, 20:11 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ --> Problem mit Searchqu |
23.05.2012, 22:13 | #7 |
| Problem mit Searchqu Nein, ich habe das Programm gestern installiert und erst einen Scan laufen lassen. Ich habe also nur diesen einen Scan-Log. Brauchst du auch die Protection-Logs? Hier ist wie gewünscht und angekündigt der ESET-Scan: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7000353930c5744c8a1151aea08cd74a # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-23 02:23:06 # local_time=2012-05-23 04:23:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 48500461 175315392 0 0 # compatibility_mode=8192 67108863 100 0 168 168 0 0 # scanned=851 # found=0 # cleaned=0 # scan_time=296 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7000353930c5744c8a1151aea08cd74a # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-23 06:23:22 # local_time=2012-05-23 08:23:22 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776574 100 100 48507365 175322296 0 0 # compatibility_mode=8192 67108863 100 0 7072 7072 0 0 # scanned=206988 # found=4 # cleaned=0 # scan_time=7808 C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I C:\Users\MCDB MOBIL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I |
24.05.2012, 20:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
24.05.2012, 21:55 | #9 |
| Problem mit Searchqu Hier ist das Ergebnis: OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.05.2012 22:23:07 - Run 2 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\MCDB MOBIL\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,91 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 82,67% Memory free 6,02 Gb Paging File | 5,71 Gb Available in Paging File | 94,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 23,66 Gb Free Space | 16,41% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 9,81 Gb Free Space | 6,80% Space Free | Partition Type: NTFS Drive E: | 146,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MCDB-MOBIL | User Name: MCDB MOBIL | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MCDB MOBIL\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MpKsla94dd66c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla94dd66c.sys () DRV - (MpKsl738c0217) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl738c0217.sys () DRV - (MpKslcdd1db3d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKslcdd1db3d.sys () DRV - (MpKsl032aec9e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl032aec9e.sys () DRV - (MpKsla7cd4637) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla7cd4637.sys () DRV - (MpKsleead1a3b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsleead1a3b.sys () DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (kx1avs) -- C:\Windows\System32\drivers\kx1avs.sys (Native Instruments GmbH) DRV - (kx1usb_svc) -- C:\Windows\System32\drivers\kx1usb.sys (Native Instruments GmbH) DRV - (a4djavs) -- C:\Windows\System32\drivers\a4djavs.sys (Native Instruments GmbH) DRV - (a4djusb_svc) -- C:\Windows\System32\drivers\a4djusb.sys (Native Instruments GmbH) DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG) DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys () DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation) DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.) DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.) DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.) DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Wibukey2) -- C:\Windows\System32\drivers\wibukey2.sys (WIBU-SYSTEMS AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/hxxp://www.facebook.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{545F0CC8-4BFD-4B49-86B7-60B4B97ED085}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/410" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MCDB MOBIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.08.14 04:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.24 18:44:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.08 16:26:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 22:23:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 00:53:30 | 000,000,000 | ---D | M] [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Extensions [2012.05.21 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions [2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml [2011.11.30 15:19:57 | 000,001,836 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\leo-deu-ita.xml [2011.09.01 00:24:05 | 000,002,057 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\youtube-videosuche.xml [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.12 10:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.02.08 16:26:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012.05.10 14:49:43 | 000,056,640 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI [2012.01.06 14:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.01.01 22:22:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.12 10:54:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AutoRun] C:\Program Files\BEWERBUNGS-MASTER\UpdateCheck_BEWERBUNGSMASTER.exe File not found O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O4 - Startup: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57568192-B748-42B5-99E6-0F2B0A652945}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABCBB7F-92EE-48C5-A12E-BA22BE04EBB0}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012.05.24 22:15:50 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002 [2012.05.23 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.22 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.05.21 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes [2012.05.21 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.21 21:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.21 21:59:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.21 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.21 16:25:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe [2012.05.20 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar [2012.05.20 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack [2012.05.20 21:20:59 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll [2012.05.20 21:20:58 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll [2012.05.20 21:20:58 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll [2012.05.20 21:20:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll [2012.05.20 21:20:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll [2012.05.20 21:20:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll [2012.05.20 21:20:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll [2012.05.20 21:20:55 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll [2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack [2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012.05.09 02:57:18 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon [2012.05.09 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.05.09 02:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon ========== Files - Modified Within 30 Days ========== [2012.05.24 22:20:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.24 22:18:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.24 22:15:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.05.24 22:15:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.24 22:15:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.24 20:22:45 | 002,264,817 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\Studienbescheinigung Maurice Chales de Beaulieu.rar [2012.05.24 12:08:56 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job [2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job [2012.05.22 08:36:55 | 329,299,620 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.21 22:02:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 16:25:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe [2012.05.21 13:31:28 | 000,125,683 | ---- | M] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf [2012.05.20 21:37:25 | 155,429,843 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love(1).mp3 [2012.05.14 17:19:44 | 000,436,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.13 14:44:11 | 000,634,630 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.13 14:44:11 | 000,601,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.13 14:44:11 | 000,128,742 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.13 14:44:11 | 000,106,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.01 15:24:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.04.28 23:49:56 | 000,078,848 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012.05.24 12:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.21 21:59:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 13:31:23 | 000,125,683 | ---- | C] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf [2012.05.20 21:29:17 | 155,429,843 | ---- | C] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love(1).mp3 [2012.05.20 21:20:59 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx [2012.05.20 21:20:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012.05.20 21:10:59 | 422,404,193 | ---- | C] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love.flac [2012.05.01 15:24:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.12.01 22:39:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.10.16 00:30:52 | 000,000,680 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\d3d9caps.dat [2011.09.26 00:14:15 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll [2011.09.26 00:14:15 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe [2011.09.26 00:14:15 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys [2011.09.26 00:14:15 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys [2011.08.01 00:18:17 | 000,078,848 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.31 23:41:55 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.07.31 23:41:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.11.01 10:49:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.07 14:21:53 | 000,150,592 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== LOP Check ========== [2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon [2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1 [2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro [2012.05.24 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox [2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000 [2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software [2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack [2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon [2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView [2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon [2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job [2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job [2012.05.24 22:18:11 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.31 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Adobe [2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon [2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1 [2011.10.14 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\CyberLink [2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro [2011.08.05 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DivX [2012.05.24 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox [2011.12.06 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\dvdcss [2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000 [2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software [2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack [2011.07.28 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Identities [2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon [2012.01.20 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Intel [2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView [2011.07.28 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Logitech [2009.04.24 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia [2012.05.21 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes [2012.05.20 21:25:04 | 000,000,000 | --SD | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft [2011.07.28 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla [2012.05.21 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Real [2012.05.24 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Skype [2012.03.24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\vlc [2011.08.04 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\WinRAR [2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.02.16 20:20:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.01.31 18:10:02 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe [2012.05.21 13:46:49 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe [2012.05.21 16:48:18 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe [2012.05.21 16:46:59 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > [2007.09.19 10:07:22 | 000,094,208 | ---- | M] () -- C:\BSBMInst.exe [2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1 < End of report > Erneut ein fettes !!!! What to do next? PS: Mir fällt gerade ein, dass ich vielleicht erwähnen sollte, das ich auch diesen Scan im Abgesicherten Modus mit Netzwerktreibern durchgeführt habe, um die von dir angegebene Liste aus meinem Browser in OTL kopieren zu können. Es sind also wahrscheinlich nicht alle Prozesse aufgeführt, die im normalen Betrieb laufen würden. Ich hoffe, das ist kein Problem?! Wenn doch, mache ich den Scan natürlich nochmal und kopiere deine Liste vorher in ein txt-Dokument! PPS: Kann es zu weiteren Problemen kommen, wenn ich meine wichtigen Daten sichere? Also meine Musiksammlung und meine Daten für die Dissertation und so? |
25.05.2012, 10:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Achso ja, mach das lieber nochmal im normalen Modus. Den abgesicherten nur wenn ich es schreibe oder es Probleme im normalen Modus gibt Die Datensicherung kannst du auf jeden Fall tun, Backups sind immer eine gute Idee
__________________ Logfiles bitte immer in CODE-Tags posten |
25.05.2012, 11:58 | #11 |
| Problem mit Searchqu Und nochmal.. Hat ne ganze Weile gedauert, mein Laptop hat sich zwischendrin einige Male aufgehängt... :/ OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.05.2012 12:34:40 - Run 3 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\MCDB MOBIL\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,91 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,98% Memory free 6,03 Gb Paging File | 4,33 Gb Available in Paging File | 71,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 27,53 Gb Free Space | 19,09% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 44,50 Gb Free Space | 30,87% Space Free | Partition Type: NTFS Drive E: | 146,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MCDB-MOBIL | User Name: MCDB MOBIL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MCDB MOBIL\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\MCDBMO~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Native Instruments\Traktor 2\Traktor.exe (Native Instruments Software Synthesis GmbH) PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG) PRC - C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe () PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG) PRC - c:\Programme\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG) PRC - c:\Programme\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll () MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (MpKsleead1a3b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsleead1a3b.sys File not found DRV - (MpKslcdd1db3d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKslcdd1db3d.sys File not found DRV - (MpKsla94dd66c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla94dd66c.sys File not found DRV - (MpKsla7cd4637) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla7cd4637.sys File not found DRV - (MpKsl738c0217) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl738c0217.sys File not found DRV - (MpKsl032aec9e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl032aec9e.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (kx1avs) -- C:\Windows\System32\drivers\kx1avs.sys (Native Instruments GmbH) DRV - (kx1usb_svc) -- C:\Windows\System32\drivers\kx1usb.sys (Native Instruments GmbH) DRV - (a4djavs) -- C:\Windows\System32\drivers\a4djavs.sys (Native Instruments GmbH) DRV - (a4djusb_svc) -- C:\Windows\System32\drivers\a4djusb.sys (Native Instruments GmbH) DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG) DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys () DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation) DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.) DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.) DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.) DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Wibukey2) -- C:\Windows\System32\drivers\wibukey2.sys (WIBU-SYSTEMS AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/hxxp://www.facebook.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{545F0CC8-4BFD-4B49-86B7-60B4B97ED085}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Amazon.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/410" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MCDB MOBIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.08.14 04:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.24 18:44:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.08 16:26:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 22:23:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 00:53:30 | 000,000,000 | ---D | M] [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Extensions [2012.05.21 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions [2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml [2011.11.30 15:19:57 | 000,001,836 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\leo-deu-ita.xml [2011.09.01 00:24:05 | 000,002,057 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\youtube-videosuche.xml [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.12 10:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.02.08 16:26:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012.05.10 14:49:43 | 000,056,640 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI [2012.01.06 14:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.01.01 22:22:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.12 10:54:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AutoRun] C:\Program Files\BEWERBUNGS-MASTER\UpdateCheck_BEWERBUNGSMASTER.exe File not found O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O4 - Startup: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57568192-B748-42B5-99E6-0F2B0A652945}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABCBB7F-92EE-48C5-A12E-BA22BE04EBB0}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.25 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.05.24 22:42:04 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\Desktop\logs [2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002 [2012.05.23 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.22 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.05.21 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes [2012.05.21 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.21 21:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.21 21:59:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.21 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.21 16:25:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe [2012.05.20 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar [2012.05.20 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack [2012.05.20 21:20:59 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll [2012.05.20 21:20:58 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll [2012.05.20 21:20:58 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll [2012.05.20 21:20:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll [2012.05.20 21:20:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll [2012.05.20 21:20:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll [2012.05.20 21:20:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll [2012.05.20 21:20:55 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll [2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack [2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012.05.09 02:57:18 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon [2012.05.09 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.05.09 02:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon ========== Files - Modified Within 30 Days ========== [2012.05.25 12:12:58 | 000,634,630 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.25 12:12:58 | 000,601,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.25 12:12:58 | 000,128,742 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.25 12:12:58 | 000,106,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.25 12:06:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.05.25 12:05:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.25 12:05:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.25 12:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.25 12:04:44 | 3129,753,600 | -HS- | M] () -- C:\hiberfil.sys [2012.05.25 11:58:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.24 20:22:45 | 002,264,817 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\Studienbescheinigung Maurice Chales de Beaulieu.rar [2012.05.24 12:08:56 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job [2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job [2012.05.22 08:36:55 | 329,299,620 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.21 22:02:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 16:25:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe [2012.05.21 13:31:28 | 000,125,683 | ---- | M] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf [2012.05.14 17:19:44 | 000,436,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.01 15:24:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.04.28 23:49:56 | 000,078,848 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012.05.25 12:04:44 | 3129,753,600 | -HS- | C] () -- C:\hiberfil.sys [2012.05.24 12:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.21 21:59:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.21 13:31:23 | 000,125,683 | ---- | C] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf [2012.05.20 21:20:59 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx [2012.05.20 21:20:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2012.05.01 15:24:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.12.01 22:39:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.10.16 00:30:52 | 000,000,680 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\d3d9caps.dat [2011.09.26 00:14:15 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll [2011.09.26 00:14:15 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe [2011.09.26 00:14:15 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys [2011.09.26 00:14:15 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys [2011.08.01 00:18:17 | 000,078,848 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.31 23:41:55 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.07.31 23:41:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.11.01 10:49:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.07 14:21:53 | 000,150,592 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== LOP Check ========== [2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon [2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1 [2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro [2012.05.25 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox [2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000 [2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software [2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack [2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon [2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView [2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon [2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job [2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job [2012.05.25 11:58:56 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.31 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Adobe [2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon [2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1 [2011.10.14 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\CyberLink [2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro [2011.08.05 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DivX [2012.05.25 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox [2011.12.06 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\dvdcss [2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000 [2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software [2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack [2011.07.28 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Identities [2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon [2012.01.20 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Intel [2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView [2011.07.28 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Logitech [2009.04.24 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia [2012.05.21 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes [2012.05.20 21:25:04 | 000,000,000 | --SD | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft [2011.07.28 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla [2012.05.21 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Real [2012.05.25 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Skype [2012.03.24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\vlc [2011.08.04 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\WinRAR [2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.02.16 20:20:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.01.31 18:10:02 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe [2012.05.21 13:46:49 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe [2012.05.21 16:48:18 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe [2012.05.21 16:46:59 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > [2007.09.19 10:07:22 | 000,094,208 | ---- | M] () -- C:\BSBMInst.exe [2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1 < End of report > |
25.05.2012, 12:12 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms} FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Amazon.de" FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/410" FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" FF - user.js - File not found [2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml [2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found. O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe () O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe [2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002 [2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1 :Files C:\Programme\Windows Searchqu Toolbar :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
25.05.2012, 15:49 | #13 |
| Problem mit Searchqu Im normalen, nicht abgesicherten Modus ist der Scan einmal durchgelaufen, das Programm hat sich jedoch direkt im Anschluss aufgehängt, und keine neue log-Datei ausgespuckt. In der alten olt.txt steht noch das Datum und die Zeit von dem Scan, den ich dir vorhin gepostet habe. Zudem hat sich der größte Teil der Prozesse auf meinem PC beendet, darunter auch die explorer.exe. Windows wollte seinen Bericht schicken, der folgende Dateien umfasst. Diese hätte ich gern eingefügt, aber sie sind - oh Wunder - nicht mehr im angegebenen Ordner... (Ich hab natürlich die versteckten Dateien anzeigen lassen). Code:
ATTFilter C:\Users\MCDB MOBIL\AppData\Local\Temp\WERCC07.tmp.version.txt C:\Users\MCDB MOBIL\AppData\Local\Temp\WERED0F.tmp.appcompat.txt C:\Users\MCDB MOBIL\AppData\Local\Temp\WERED3F.tmp.mdmp So. Frühschuss. Nach dem Neustart öffnete sich eine txt-Datei mit folgendem Inhalt: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found. Prefs.js: "Search Results" removed from browser.search.defaultenginename Prefs.js: "Search Results" removed from browser.search.order.1 Prefs.js: "Amazon.de" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.searchnu.com/410" removed from browser.startup.homepage Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" removed from keyword.URL C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully. C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml moved successfully. C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully. C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully. C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully. C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully. C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. C:\Programme\DealPly\DealPlyIE.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully. C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zinit32 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully. C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid deleted successfully. C:\Programme\Xvid\CheckUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll deleted successfully. C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll deleted successfully. C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found. File F:\Setup.exe -auto not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found. File G:\LaunchU3.exe not found. C:\found.002\dir0002.chk folder moved successfully. C:\found.002\dir0001.chk folder moved successfully. C:\found.002\dir0000.chk folder moved successfully. C:\found.002 folder moved successfully. C:\wilog.exe moved successfully. ADS C:\ProgramData\TEMP:A4C0DDD1 deleted successfully. ========== FILES ========== File\Folder C:\Programme\Windows Searchqu Toolbar not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 134 bytes ->Flash cache emptied: 56550 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MCDB MOBIL ->Temp folder emptied: 6950295081 bytes ->Temporary Internet Files folder emptied: 562400735 bytes ->Java cache emptied: 216482 bytes ->FireFox cache emptied: 106699039 bytes ->Flash cache emptied: 15265666 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3707408537 bytes RecycleBin emptied: 5615031687 bytes Total Files Cleaned = 16.172,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: MCDB MOBIL ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.43.1 log created on 05252012_140735 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
25.05.2012, 22:54 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem mit Searchqu Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
26.05.2012, 14:14 | #15 |
| Problem mit Searchqu Done. Hier die Daten aus dem Report. Ich hab erstmal alles geskippt, wie du gesagt hast. Einige Funde kann ich käuflich erworbenen Programmen zuordnen, bsp NI (=Native Instruments).. Code:
ATTFilter 15:07:37.0252 4172 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30 15:07:37.0533 4172 ============================================================ 15:07:37.0533 4172 Current date / time: 2012/05/26 15:07:37.0533 15:07:37.0533 4172 SystemInfo: 15:07:37.0533 4172 15:07:37.0533 4172 OS Version: 6.0.6002 ServicePack: 2.0 15:07:37.0533 4172 Product type: Workstation 15:07:37.0533 4172 ComputerName: MCDB-MOBIL 15:07:37.0533 4172 UserName: MCDB MOBIL 15:07:37.0533 4172 Windows directory: C:\Windows 15:07:37.0533 4172 System windows directory: C:\Windows 15:07:37.0533 4172 Processor architecture: Intel x86 15:07:37.0533 4172 Number of processors: 2 15:07:37.0533 4172 Page size: 0x1000 15:07:37.0533 4172 Boot type: Normal boot 15:07:37.0533 4172 ============================================================ 15:07:38.0875 4172 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:07:38.0875 4172 ============================================================ 15:07:38.0875 4172 \Device\Harddisk0\DR0: 15:07:38.0875 4172 MBR partitions: 15:07:38.0875 4172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000 15:07:38.0875 4172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800 15:07:38.0875 4172 ============================================================ 15:07:38.0937 4172 C: <-> \Device\Harddisk0\DR0\Partition0 15:07:39.0171 4172 D: <-> \Device\Harddisk0\DR0\Partition1 15:07:39.0187 4172 ============================================================ 15:07:39.0187 4172 Initialize success 15:07:39.0187 4172 ============================================================ 15:07:51.0324 1452 ============================================================ 15:07:51.0324 1452 Scan started 15:07:51.0324 1452 Mode: Manual; SigCheck; TDLFS; 15:07:51.0324 1452 ============================================================ 15:08:06.0705 1452 a4djavs (7b73a609a15979b16f2241636a2f5d13) C:\Windows\system32\Drivers\a4djavs.sys 15:08:06.0892 1452 a4djavs - ok 15:08:07.0080 1452 a4djusb_svc (9aea2035649119f42c11e149af78d8c2) C:\Windows\system32\Drivers\a4djusb.sys 15:08:07.0111 1452 a4djusb_svc - ok 15:08:07.0220 1452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 15:08:07.0251 1452 ACPI - ok 15:08:07.0704 1452 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 15:08:08.0016 1452 adp94xx - ok 15:08:08.0655 1452 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 15:08:08.0749 1452 adpahci - ok 15:08:08.0827 1452 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 15:08:08.0842 1452 adpu160m - ok 15:08:08.0936 1452 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 15:08:08.0967 1452 adpu320 - ok 15:08:09.0045 1452 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 15:08:09.0700 1452 AeLookupSvc - ok 15:08:10.0278 1452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 15:08:10.0434 1452 AFD - ok 15:08:10.0855 1452 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 15:08:10.0855 1452 agp440 - ok 15:08:11.0089 1452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 15:08:11.0120 1452 aic78xx - ok 15:08:11.0214 1452 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys 15:08:11.0276 1452 AlfaFF - ok 15:08:11.0370 1452 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 15:08:12.0649 1452 ALG - ok 15:08:12.0696 1452 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 15:08:12.0727 1452 aliide - ok 15:08:12.0805 1452 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 15:08:12.0820 1452 amdagp - ok 15:08:12.0930 1452 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 15:08:12.0945 1452 amdide - ok 15:08:13.0148 1452 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 15:08:13.0273 1452 AmdK7 - ok 15:08:13.0616 1452 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 15:08:13.0756 1452 AmdK8 - ok 15:08:13.0928 1452 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 15:08:14.0084 1452 Appinfo - ok 15:08:15.0020 1452 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll 15:08:15.0192 1452 AppMgmt - ok 15:08:15.0628 1452 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 15:08:15.0706 1452 arc - ok 15:08:15.0847 1452 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 15:08:15.0878 1452 arcsas - ok 15:08:15.0925 1452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 15:08:16.0065 1452 AsyncMac - ok 15:08:16.0190 1452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 15:08:16.0206 1452 atapi - ok 15:08:16.0845 1452 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 15:08:16.0908 1452 atksgt - ok 15:08:17.0391 1452 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 15:08:17.0578 1452 AudioEndpointBuilder - ok 15:08:17.0594 1452 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 15:08:17.0610 1452 Audiosrv - ok 15:08:17.0890 1452 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys 15:08:18.0062 1452 b57nd60x - ok 15:08:18.0187 1452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 15:08:18.0234 1452 Beep - ok 15:08:18.0889 1452 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 15:08:19.0014 1452 BFE - ok 15:08:19.0622 1452 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 15:08:19.0794 1452 BITS - ok 15:08:19.0887 1452 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 15:08:19.0934 1452 blbdrive - ok 15:08:19.0981 1452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 15:08:20.0028 1452 bowser - ok 15:08:20.0059 1452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 15:08:20.0090 1452 BrFiltLo - ok 15:08:20.0121 1452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 15:08:20.0168 1452 BrFiltUp - ok 15:08:20.0277 1452 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 15:08:20.0308 1452 Browser - ok 15:08:20.0371 1452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 15:08:20.0558 1452 Brserid - ok 15:08:20.0792 1452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 15:08:20.0870 1452 BrSerWdm - ok 15:08:20.0917 1452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 15:08:21.0010 1452 BrUsbMdm - ok 15:08:21.0042 1452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 15:08:21.0120 1452 BrUsbSer - ok 15:08:21.0166 1452 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 15:08:21.0229 1452 BthEnum - ok 15:08:21.0276 1452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 15:08:21.0322 1452 BTHMODEM - ok 15:08:21.0416 1452 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 15:08:21.0463 1452 BthPan - ok 15:08:21.0712 1452 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 15:08:21.0790 1452 BTHPORT - ok 15:08:21.0822 1452 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll 15:08:21.0853 1452 BthServ - ok 15:08:21.0900 1452 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 15:08:21.0900 1452 BTHUSB - ok 15:08:21.0978 1452 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys 15:08:21.0993 1452 btwaudio - ok 15:08:22.0024 1452 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys 15:08:22.0040 1452 btwavdt - ok 15:08:22.0056 1452 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys 15:08:22.0071 1452 btwrchid - ok 15:08:22.0227 1452 BUNAgentSvc (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 15:08:22.0258 1452 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning 15:08:22.0258 1452 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1) 15:08:22.0290 1452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 15:08:22.0352 1452 cdfs - ok 15:08:22.0383 1452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 15:08:22.0430 1452 cdrom - ok 15:08:22.0461 1452 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 15:08:22.0492 1452 CertPropSvc - ok 15:08:22.0524 1452 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 15:08:22.0586 1452 circlass - ok 15:08:22.0648 1452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 15:08:22.0664 1452 CLFS - ok 15:08:22.0804 1452 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:08:22.0820 1452 clr_optimization_v2.0.50727_32 - ok 15:08:22.0929 1452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:08:22.0960 1452 clr_optimization_v4.0.30319_32 - ok 15:08:23.0007 1452 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 15:08:23.0054 1452 CmBatt - ok 15:08:23.0101 1452 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 15:08:23.0116 1452 cmdide - ok 15:08:23.0132 1452 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 15:08:23.0148 1452 Compbatt - ok 15:08:23.0148 1452 COMSysApp - ok 15:08:23.0163 1452 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 15:08:23.0163 1452 crcdisk - ok 15:08:23.0179 1452 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 15:08:23.0226 1452 Crusoe - ok 15:08:23.0288 1452 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 15:08:23.0319 1452 CryptSvc - ok 15:08:23.0382 1452 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 15:08:23.0444 1452 CSC - ok 15:08:23.0506 1452 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll 15:08:23.0553 1452 CscService - ok 15:08:23.0647 1452 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 15:08:23.0709 1452 DcomLaunch - ok 15:08:23.0772 1452 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 15:08:23.0834 1452 DfsC - ok 15:08:24.0942 1452 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 15:08:25.0082 1452 DFSR - ok 15:08:25.0534 1452 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 15:08:25.0566 1452 Dhcp - ok 15:08:25.0675 1452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 15:08:25.0690 1452 disk - ok 15:08:25.0737 1452 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 15:08:25.0753 1452 DKbFltr - ok 15:08:25.0909 1452 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 15:08:25.0971 1452 Dnscache - ok 15:08:26.0143 1452 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 15:08:26.0158 1452 dot3svc - ok 15:08:26.0330 1452 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 15:08:26.0377 1452 dot4 - ok 15:08:26.0408 1452 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 15:08:26.0455 1452 Dot4Print - ok 15:08:26.0502 1452 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 15:08:26.0533 1452 dot4usb - ok 15:08:26.0580 1452 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 15:08:26.0611 1452 DPS - ok 15:08:26.0642 1452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 15:08:26.0673 1452 drmkaud - ok 15:08:26.0985 1452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 15:08:27.0016 1452 DXGKrnl - ok 15:08:27.0079 1452 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 15:08:27.0110 1452 E1G60 - ok 15:08:27.0172 1452 e1yexpress (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys 15:08:27.0188 1452 e1yexpress - ok 15:08:27.0219 1452 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 15:08:27.0235 1452 EapHost - ok 15:08:27.0250 1452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 15:08:27.0266 1452 Ecache - ok 15:08:27.0360 1452 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 15:08:27.0438 1452 elxstor - ok 15:08:27.0516 1452 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 15:08:27.0578 1452 EMDMgmt - ok 15:08:27.0609 1452 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 15:08:27.0625 1452 ErrDev - ok 15:08:27.0781 1452 ETService (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 15:08:27.0812 1452 ETService ( UnsignedFile.Multi.Generic ) - warning 15:08:27.0812 1452 ETService - detected UnsignedFile.Multi.Generic (1) 15:08:28.0093 1452 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 15:08:28.0140 1452 EventSystem - ok 15:08:28.0327 1452 EvtEng (53cca6b4df0977074e85c9a18f42b5cc) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 15:08:28.0452 1452 EvtEng - ok 15:08:28.0561 1452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 15:08:28.0608 1452 exfat - ok 15:08:28.0639 1452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 15:08:28.0686 1452 fastfat - ok 15:08:28.0951 1452 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe 15:08:29.0044 1452 Fax - ok 15:08:29.0076 1452 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 15:08:29.0122 1452 fdc - ok 15:08:29.0154 1452 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 15:08:29.0185 1452 fdPHost - ok 15:08:29.0216 1452 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 15:08:29.0263 1452 FDResPub - ok 15:08:29.0310 1452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 15:08:29.0310 1452 FileInfo - ok 15:08:29.0325 1452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 15:08:29.0372 1452 Filetrace - ok 15:08:29.0403 1452 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 15:08:29.0434 1452 flpydisk - ok 15:08:29.0481 1452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 15:08:29.0512 1452 FltMgr - ok 15:08:29.0731 1452 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 15:08:29.0840 1452 FontCache - ok 15:08:30.0043 1452 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:08:30.0058 1452 FontCache3.0.0.0 - ok 15:08:30.0090 1452 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 15:08:30.0136 1452 Fs_Rec - ok 15:08:30.0152 1452 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 15:08:30.0168 1452 gagp30kx - ok 15:08:30.0214 1452 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:08:30.0230 1452 GEARAspiWDM - ok 15:08:30.0433 1452 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 15:08:30.0495 1452 gpsvc - ok 15:08:30.0542 1452 GT72NDISIPXP (19ad11dba7f1a302008332a3ad360b3c) C:\Windows\system32\DRIVERS\Gt51Ip.sys 15:08:30.0589 1452 GT72NDISIPXP - ok 15:08:30.0636 1452 GT72UBUS (0aecf7b4b784c6257287fe9230d1163e) C:\Windows\system32\DRIVERS\gt72ubus.sys 15:08:30.0682 1452 GT72UBUS - ok 15:08:30.0714 1452 GTPTSER (4b915d813b7892ba0a08620f82991a82) C:\Windows\system32\DRIVERS\gtptser.sys 15:08:30.0745 1452 GTPTSER - ok 15:08:30.0823 1452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 15:08:30.0901 1452 HdAudAddService - ok 15:08:31.0041 1452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:08:31.0104 1452 HDAudBus - ok 15:08:31.0166 1452 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys 15:08:31.0197 1452 HECI - ok 15:08:31.0213 1452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 15:08:31.0260 1452 HidBth - ok 15:08:31.0431 1452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 15:08:31.0525 1452 HidIr - ok 15:08:31.0618 1452 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 15:08:31.0650 1452 hidserv - ok 15:08:31.0712 1452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 15:08:31.0759 1452 HidUsb - ok 15:08:31.0852 1452 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 15:08:31.0915 1452 hkmsvc - ok 15:08:32.0040 1452 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 15:08:32.0055 1452 HpCISSs - ok 15:08:32.0196 1452 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 15:08:32.0242 1452 HSFHWAZL - ok 15:08:32.0383 1452 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 15:08:32.0508 1452 HSF_DPV - ok 15:08:32.0554 1452 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 15:08:32.0570 1452 HSXHWAZL - ok 15:08:32.0632 1452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 15:08:32.0710 1452 HTTP - ok 15:08:32.0757 1452 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 15:08:32.0773 1452 i2omp - ok 15:08:32.0820 1452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 15:08:32.0866 1452 i8042prt - ok 15:08:32.0929 1452 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 15:08:32.0944 1452 iaStorV - ok 15:08:33.0069 1452 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 15:08:33.0100 1452 IDriverT ( UnsignedFile.Multi.Generic ) - warning 15:08:33.0100 1452 IDriverT - detected UnsignedFile.Multi.Generic (1) 15:08:33.0366 1452 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:08:33.0397 1452 idsvc - ok 15:08:33.0678 1452 IFXSpMgtSrv (204ac659f069616ae00627a1b467655d) c:\Windows\system32\ifxspmgt.exe 15:08:33.0693 1452 IFXSpMgtSrv - ok 15:08:33.0834 1452 IFXTCS (02b893d0b89e0b28881a1cab6f337a0b) C:\Windows\System32\IFXTCS.exe 15:08:33.0990 1452 IFXTCS - ok 15:08:34.0816 1452 IGBASVC (e70b9c83ddb6d86f9d1bdfad04757a3f) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe 15:08:36.0626 1452 IGBASVC ( UnsignedFile.Multi.Generic ) - warning 15:08:36.0626 1452 IGBASVC - detected UnsignedFile.Multi.Generic (1) 15:08:39.0106 1452 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys 15:08:40.0542 1452 igfx - ok 15:08:40.0854 1452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 15:08:40.0869 1452 iirsp - ok 15:08:41.0056 1452 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 15:08:41.0103 1452 IKEEXT - ok 15:08:41.0166 1452 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys 15:08:41.0181 1452 int15 ( UnsignedFile.Multi.Generic ) - warning 15:08:41.0181 1452 int15 - detected UnsignedFile.Multi.Generic (1) 15:08:41.0556 1452 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys 15:08:41.0696 1452 IntcAzAudAddService - ok 15:08:41.0946 1452 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 15:08:41.0961 1452 intelide - ok 15:08:42.0039 1452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 15:08:42.0070 1452 intelppm - ok 15:08:42.0211 1452 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 15:08:42.0226 1452 IPBusEnum - ok 15:08:42.0258 1452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:08:42.0304 1452 IpFilterDriver - ok 15:08:42.0429 1452 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 15:08:42.0492 1452 iphlpsvc - ok 15:08:42.0492 1452 IpInIp - ok 15:08:42.0538 1452 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 15:08:42.0585 1452 IPMIDRV - ok 15:08:42.0616 1452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 15:08:42.0663 1452 IPNAT - ok 15:08:42.0710 1452 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys 15:08:42.0741 1452 irda - ok 15:08:42.0772 1452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 15:08:42.0788 1452 IRENUM - ok 15:08:42.0835 1452 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll 15:08:42.0897 1452 Irmon - ok 15:08:42.0975 1452 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 15:08:43.0006 1452 isapnp - ok 15:08:43.0069 1452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 15:08:43.0084 1452 iScsiPrt - ok 15:08:43.0116 1452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 15:08:43.0116 1452 iteatapi - ok 15:08:43.0162 1452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 15:08:43.0162 1452 iteraid - ok 15:08:43.0194 1452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:08:43.0194 1452 kbdclass - ok 15:08:43.0225 1452 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 15:08:43.0256 1452 kbdhid - ok 15:08:43.0287 1452 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:08:43.0318 1452 KeyIso - ok 15:08:43.0443 1452 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 15:08:43.0474 1452 KSecDD - ok 15:08:43.0615 1452 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 15:08:43.0677 1452 KtmRm - ok 15:08:43.0740 1452 kx1avs (6f46978fef08f9da6a02ff15d02ab7b0) C:\Windows\system32\Drivers\kx1avs.sys 15:08:43.0771 1452 kx1avs - ok 15:08:43.0802 1452 kx1usb_svc (7ac9f0e7b8dd10c4366dfda697481c1f) C:\Windows\system32\Drivers\kx1usb.sys 15:08:43.0818 1452 kx1usb_svc - ok 15:08:43.0927 1452 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 15:08:43.0989 1452 LanmanServer - ok 15:08:44.0052 1452 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 15:08:44.0130 1452 LanmanWorkstation - ok 15:08:44.0379 1452 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 15:08:44.0410 1452 LBTServ - ok 15:08:44.0473 1452 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys 15:08:44.0488 1452 LHidFilt - ok 15:08:44.0551 1452 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 15:08:44.0551 1452 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 15:08:44.0551 1452 LightScribeService - detected UnsignedFile.Multi.Generic (1) 15:08:44.0613 1452 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 15:08:44.0629 1452 lirsgt - ok 15:08:44.0660 1452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 15:08:44.0691 1452 lltdio - ok 15:08:44.0738 1452 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 15:08:44.0785 1452 lltdsvc - ok 15:08:44.0816 1452 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 15:08:44.0847 1452 lmhosts - ok 15:08:44.0878 1452 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys 15:08:44.0894 1452 LMouFilt - ok 15:08:44.0925 1452 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 15:08:44.0941 1452 LSI_FC - ok 15:08:44.0972 1452 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 15:08:44.0988 1452 LSI_SAS - ok 15:08:45.0034 1452 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 15:08:45.0050 1452 LSI_SCSI - ok 15:08:45.0066 1452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 15:08:45.0112 1452 luafv - ok 15:08:45.0190 1452 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 15:08:45.0190 1452 MBAMProtector - ok 15:08:45.0378 1452 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:08:45.0409 1452 MBAMService - ok 15:08:45.0440 1452 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 15:08:45.0471 1452 mdmxsdk - ok 15:08:45.0518 1452 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 15:08:45.0534 1452 megasas - ok 15:08:45.0612 1452 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 15:08:45.0627 1452 MegaSR - ok 15:08:45.0768 1452 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 15:08:45.0814 1452 MMCSS - ok 15:08:45.0846 1452 MobilityService - ok 15:08:45.0939 1452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 15:08:45.0986 1452 Modem - ok 15:08:46.0033 1452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 15:08:46.0064 1452 monitor - ok 15:08:46.0064 1452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 15:08:46.0080 1452 mouclass - ok 15:08:46.0126 1452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 15:08:46.0142 1452 mouhid - ok 15:08:46.0158 1452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 15:08:46.0173 1452 MountMgr - ok 15:08:46.0220 1452 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys 15:08:46.0236 1452 MpFilter - ok 15:08:46.0282 1452 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 15:08:46.0298 1452 mpio - ok 15:08:46.0516 1452 MpKsl81ccb632 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D188C870-B71E-457F-8249-DB9FC8AC8DF5}\MpKsl81ccb632.sys 15:08:46.0532 1452 MpKsl81ccb632 - ok 15:08:46.0563 1452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 15:08:46.0610 1452 mpsdrv - ok 15:08:46.0719 1452 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 15:08:46.0813 1452 MpsSvc - ok 15:08:46.0844 1452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 15:08:46.0844 1452 Mraid35x - ok 15:08:46.0906 1452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 15:08:46.0938 1452 MRxDAV - ok 15:08:47.0016 1452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:08:47.0109 1452 mrxsmb - ok 15:08:47.0203 1452 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:08:47.0250 1452 mrxsmb10 - ok 15:08:47.0296 1452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:08:47.0296 1452 mrxsmb20 - ok 15:08:47.0328 1452 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 15:08:47.0343 1452 msahci - ok 15:08:47.0374 1452 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 15:08:47.0374 1452 msdsm - ok 15:08:47.0421 1452 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 15:08:47.0452 1452 MSDTC - ok 15:08:47.0468 1452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 15:08:47.0499 1452 Msfs - ok 15:08:47.0530 1452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 15:08:47.0546 1452 msisadrv - ok 15:08:47.0577 1452 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 15:08:47.0624 1452 MSiSCSI - ok 15:08:47.0624 1452 msiserver - ok 15:08:47.0671 1452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 15:08:47.0686 1452 MSKSSRV - ok 15:08:47.0842 1452 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe 15:08:47.0858 1452 MsMpSvc - ok 15:08:47.0889 1452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 15:08:47.0920 1452 MSPCLOCK - ok 15:08:47.0983 1452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 15:08:48.0014 1452 MSPQM - ok 15:08:48.0139 1452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 15:08:48.0154 1452 MsRPC - ok 15:08:48.0279 1452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 15:08:48.0279 1452 mssmbios - ok 15:08:48.0326 1452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 15:08:48.0357 1452 MSTEE - ok 15:08:48.0482 1452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 15:08:48.0498 1452 Mup - ok 15:08:48.0560 1452 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 15:08:48.0591 1452 napagent - ok 15:08:48.0685 1452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 15:08:48.0700 1452 NativeWifiP - ok 15:08:48.0841 1452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 15:08:48.0872 1452 NDIS - ok 15:08:48.0934 1452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 15:08:48.0981 1452 NdisTapi - ok 15:08:49.0012 1452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 15:08:49.0044 1452 Ndisuio - ok 15:08:49.0122 1452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:08:49.0184 1452 NdisWan - ok 15:08:49.0278 1452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 15:08:49.0309 1452 NDProxy - ok 15:08:49.0356 1452 Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\Windows\system32\HPZinw12.dll 15:08:49.0371 1452 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:08:49.0371 1452 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:08:49.0387 1452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 15:08:49.0418 1452 NetBIOS - ok 15:08:49.0543 1452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 15:08:49.0621 1452 netbt - ok 15:08:49.0652 1452 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:08:49.0652 1452 Netlogon - ok 15:08:49.0777 1452 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 15:08:49.0855 1452 Netman - ok 15:08:49.0948 1452 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 15:08:49.0980 1452 netprofm - ok 15:08:50.0198 1452 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:08:50.0214 1452 NetTcpPortSharing - ok 15:08:51.0540 1452 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 15:08:51.0930 1452 NETw5v32 - ok 15:08:52.0460 1452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 15:08:52.0460 1452 nfrd960 - ok 15:08:53.0786 1452 NIHardwareService (bd7a1d7bef2c0fde73f7b87971ed9d2f) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 15:08:54.0753 1452 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning 15:08:54.0753 1452 NIHardwareService - detected UnsignedFile.Multi.Generic (1) 15:08:55.0346 1452 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:08:55.0362 1452 NisDrv - ok 15:08:55.0549 1452 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe 15:08:55.0580 1452 NisSrv - ok 15:08:55.0674 1452 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 15:08:55.0720 1452 NlaSvc - ok 15:08:55.0783 1452 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys 15:08:55.0861 1452 nmwcd - ok 15:08:55.0892 1452 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys 15:08:55.0939 1452 nmwcdc - ok 15:08:55.0986 1452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 15:08:56.0017 1452 Npfs - ok 15:08:56.0095 1452 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys 15:08:56.0142 1452 NSCIRDA - ok 15:08:56.0235 1452 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 15:08:56.0313 1452 nsi - ok 15:08:56.0360 1452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 15:08:56.0407 1452 nsiproxy - ok 15:08:56.0781 1452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 15:08:56.0984 1452 Ntfs - ok 15:08:57.0218 1452 NTIBackupSvc (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 15:08:57.0265 1452 NTIBackupSvc - ok 15:08:57.0530 1452 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys 15:08:57.0546 1452 NTIDrvr - ok 15:08:57.0608 1452 NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 15:08:57.0608 1452 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning 15:08:57.0608 1452 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1) 15:08:57.0639 1452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 15:08:57.0686 1452 ntrigdigi - ok 15:08:57.0702 1452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 15:08:57.0748 1452 Null - ok 15:08:57.0780 1452 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 15:08:57.0795 1452 nvraid - ok 15:08:57.0811 1452 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 15:08:57.0826 1452 nvstor - ok 15:08:57.0842 1452 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 15:08:57.0858 1452 nv_agp - ok 15:08:57.0904 1452 NWADI (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys 15:08:57.0951 1452 NWADI - ok 15:08:57.0967 1452 NwlnkFlt - ok 15:08:57.0967 1452 NwlnkFwd - ok 15:08:58.0029 1452 o2flash (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe 15:08:58.0060 1452 o2flash ( UnsignedFile.Multi.Generic ) - warning 15:08:58.0060 1452 o2flash - detected UnsignedFile.Multi.Generic (1) 15:08:58.0107 1452 O2MDRDR (16dfa5eff3f104c1d66bcb60c06a101f) C:\Windows\system32\DRIVERS\o2media.sys 15:08:58.0123 1452 O2MDRDR - ok 15:08:58.0216 1452 O2SCBUS (439ad52d13600ea69f4a4409b2968a51) C:\Windows\system32\DRIVERS\ozscr.sys 15:08:58.0232 1452 O2SCBUS - ok 15:08:58.0263 1452 O2SDRDR (6e590c91f97ae5e3408453c8ae9a3000) C:\Windows\system32\DRIVERS\o2sd.sys 15:08:58.0279 1452 O2SDRDR - ok 15:08:58.0606 1452 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:08:58.0638 1452 odserv - ok 15:08:58.0669 1452 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 15:08:58.0684 1452 ohci1394 - ok 15:08:58.0747 1452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:08:58.0762 1452 ose - ok 15:08:59.0028 1452 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:08:59.0090 1452 p2pimsvc - ok 15:08:59.0106 1452 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:08:59.0168 1452 p2psvc - ok 15:08:59.0246 1452 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 15:08:59.0308 1452 Parport - ok 15:08:59.0340 1452 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 15:08:59.0355 1452 partmgr - ok 15:08:59.0371 1452 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 15:08:59.0418 1452 Parvdm - ok 15:08:59.0449 1452 PCASp50 - ok 15:08:59.0464 1452 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 15:08:59.0511 1452 PcaSvc - ok 15:08:59.0589 1452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 15:08:59.0605 1452 pci - ok 15:08:59.0620 1452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 15:08:59.0636 1452 pciide - ok 15:08:59.0745 1452 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 15:08:59.0761 1452 pcmcia - ok 15:08:59.0854 1452 PDFProFiltSrv (abb10afe110b413cfbcc35fbd3970989) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe 15:08:59.0870 1452 PDFProFiltSrv - ok 15:09:00.0042 1452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 15:09:00.0151 1452 PEAUTH - ok 15:09:00.0213 1452 PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\Windows\System32\drivers\psd.sys 15:09:00.0244 1452 PersonalSecureDrive - ok 15:09:00.0260 1452 PersonalSecureDriveService (c30a73c602c09bc8404a18497ad24145) c:\Windows\system32\IfxPsdSv.exe 15:09:00.0307 1452 PersonalSecureDriveService - ok 15:09:00.0525 1452 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 15:09:00.0728 1452 pla - ok 15:09:00.0962 1452 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 15:09:01.0009 1452 PlugPlay - ok 15:09:01.0071 1452 Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\Windows\system32\HPZipm12.dll 15:09:01.0102 1452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:09:01.0102 1452 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:09:01.0290 1452 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:09:01.0305 1452 PNRPAutoReg - ok 15:09:01.0321 1452 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 15:09:01.0383 1452 PNRPsvc - ok 15:09:01.0602 1452 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 15:09:01.0664 1452 PolicyAgent - ok 15:09:01.0726 1452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 15:09:01.0758 1452 PptpMiniport - ok 15:09:01.0804 1452 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 15:09:01.0836 1452 Processor - ok 15:09:01.0898 1452 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 15:09:01.0945 1452 ProfSvc - ok 15:09:01.0976 1452 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:09:01.0992 1452 ProtectedStorage - ok 15:09:02.0038 1452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 15:09:02.0085 1452 PSched - ok 15:09:02.0350 1452 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 15:09:02.0428 1452 ql2300 - ok 15:09:02.0444 1452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 15:09:02.0460 1452 ql40xx - ok 15:09:02.0538 1452 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 15:09:02.0584 1452 QWAVE - ok 15:09:02.0600 1452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 15:09:02.0631 1452 QWAVEdrv - ok 15:09:02.0694 1452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 15:09:02.0740 1452 RasAcd - ok 15:09:02.0772 1452 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 15:09:02.0818 1452 RasAuto - ok 15:09:02.0850 1452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:09:02.0881 1452 Rasl2tp - ok 15:09:03.0037 1452 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 15:09:03.0068 1452 RasMan - ok 15:09:03.0099 1452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 15:09:03.0130 1452 RasPppoe - ok 15:09:03.0177 1452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 15:09:03.0177 1452 RasSstp - ok 15:09:03.0380 1452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 15:09:03.0427 1452 rdbss - ok 15:09:03.0442 1452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:09:03.0474 1452 RDPCDD - ok 15:09:03.0614 1452 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 15:09:03.0661 1452 rdpdr - ok 15:09:03.0676 1452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 15:09:03.0723 1452 RDPENCDD - ok 15:09:03.0957 1452 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 15:09:04.0004 1452 RDPWD - ok 15:09:04.0269 1452 RegSrvc (7c4391419852dfc331f6af620c33af3c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 15:09:04.0378 1452 RegSrvc - ok 15:09:04.0441 1452 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 15:09:04.0472 1452 RemoteAccess - ok 15:09:04.0503 1452 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 15:09:04.0550 1452 RemoteRegistry - ok 15:09:04.0737 1452 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 15:09:04.0753 1452 RFCOMM - ok 15:09:04.0909 1452 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 15:09:05.0018 1452 RpcLocator - ok 15:09:05.0174 1452 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 15:09:05.0205 1452 RpcSs - ok 15:09:05.0299 1452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 15:09:05.0346 1452 rspndr - ok 15:09:05.0377 1452 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 15:09:05.0377 1452 SamSs - ok 15:09:05.0439 1452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 15:09:05.0455 1452 sbp2port - ok 15:09:05.0502 1452 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 15:09:05.0548 1452 SCardSvr - ok 15:09:05.0704 1452 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 15:09:05.0767 1452 Schedule - ok 15:09:05.0798 1452 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 15:09:05.0814 1452 SCPolicySvc - ok 15:09:05.0860 1452 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 15:09:05.0892 1452 sdbus - ok 15:09:06.0110 1452 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 15:09:06.0157 1452 SDRSVC - ok 15:09:06.0188 1452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:09:06.0266 1452 secdrv - ok 15:09:06.0328 1452 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 15:09:06.0360 1452 seclogon - ok 15:09:06.0391 1452 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 15:09:06.0438 1452 SENS - ok 15:09:06.0453 1452 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 15:09:06.0500 1452 Serenum - ok 15:09:06.0718 1452 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 15:09:06.0843 1452 Serial - ok 15:09:06.0859 1452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 15:09:06.0890 1452 sermouse - ok 15:09:07.0108 1452 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 15:09:07.0155 1452 SessionEnv - ok 15:09:07.0202 1452 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 15:09:07.0233 1452 sffdisk - ok 15:09:07.0264 1452 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 15:09:07.0296 1452 sffp_mmc - ok 15:09:07.0358 1452 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 15:09:07.0374 1452 sffp_sd - ok 15:09:07.0389 1452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 15:09:07.0452 1452 sfloppy - ok 15:09:07.0608 1452 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 15:09:07.0654 1452 SharedAccess - ok 15:09:07.0826 1452 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 15:09:07.0857 1452 ShellHWDetection - ok 15:09:07.0888 1452 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 15:09:07.0904 1452 sisagp - ok 15:09:07.0920 1452 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 15:09:07.0935 1452 SiSRaid2 - ok 15:09:07.0966 1452 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 15:09:07.0982 1452 SiSRaid4 - ok 15:09:08.0122 1452 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe 15:09:08.0138 1452 SkypeUpdate - ok 15:09:09.0292 1452 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 15:09:09.0745 1452 slsvc - ok 15:09:10.0150 1452 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 15:09:10.0166 1452 SLUINotify - ok 15:09:10.0306 1452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 15:09:10.0338 1452 Smb - ok 15:09:10.0478 1452 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 15:09:10.0494 1452 SNMPTRAP - ok 15:09:10.0525 1452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 15:09:10.0540 1452 spldr - ok 15:09:10.0603 1452 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 15:09:10.0650 1452 Spooler - ok 15:09:10.0774 1452 SQLWriter (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 15:09:10.0806 1452 SQLWriter - ok 15:09:11.0008 1452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 15:09:11.0086 1452 srv - ok 15:09:11.0133 1452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 15:09:11.0164 1452 srv2 - ok 15:09:11.0211 1452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 15:09:11.0258 1452 srvnet - ok 15:09:11.0336 1452 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 15:09:11.0398 1452 SSDPSRV - ok 15:09:11.0461 1452 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 15:09:11.0492 1452 SstpSvc - ok 15:09:11.0617 1452 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 15:09:11.0648 1452 stisvc - ok 15:09:11.0679 1452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 15:09:11.0679 1452 swenum - ok 15:09:11.0742 1452 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 15:09:11.0788 1452 swprv - ok 15:09:11.0804 1452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 15:09:11.0820 1452 Symc8xx - ok 15:09:11.0913 1452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 15:09:11.0944 1452 Sym_hi - ok 15:09:11.0991 1452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 15:09:12.0007 1452 Sym_u3 - ok 15:09:12.0069 1452 SynTP (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys 15:09:12.0085 1452 SynTP - ok 15:09:12.0194 1452 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 15:09:12.0272 1452 SysMain - ok 15:09:12.0303 1452 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 15:09:12.0319 1452 TabletInputService - ok 15:09:12.0366 1452 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 15:09:12.0428 1452 TapiSrv - ok 15:09:12.0444 1452 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 15:09:12.0490 1452 TBS - ok 15:09:12.0834 1452 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys 15:09:12.0896 1452 Tcpip - ok 15:09:12.0912 1452 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys 15:09:12.0943 1452 Tcpip6 - ok 15:09:13.0021 1452 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys 15:09:13.0083 1452 tcpipreg - ok 15:09:13.0146 1452 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys 15:09:13.0146 1452 TcUsb - ok 15:09:13.0177 1452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 15:09:13.0224 1452 TDPIPE - ok 15:09:13.0255 1452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 15:09:13.0302 1452 TDTCP - ok 15:09:13.0348 1452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 15:09:13.0426 1452 tdx - ok 15:09:13.0473 1452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 15:09:13.0489 1452 TermDD - ok 15:09:13.0754 1452 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 15:09:13.0801 1452 TermService - ok 15:09:14.0050 1452 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 15:09:14.0066 1452 Themes - ok 15:09:14.0113 1452 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 15:09:14.0144 1452 THREADORDER - ok 15:09:14.0191 1452 TpChoice (3afff25eae28188fa4ecd292658be31b) C:\Windows\system32\DRIVERS\TpChoice.sys 15:09:14.0222 1452 TpChoice - ok 15:09:14.0253 1452 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys 15:09:14.0269 1452 TPM - ok 15:09:14.0331 1452 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 15:09:14.0347 1452 TrkWks - ok 15:09:14.0628 1452 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 15:09:14.0674 1452 TrustedInstaller - ok 15:09:14.0706 1452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:09:14.0721 1452 tssecsrv - ok 15:09:14.0752 1452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 15:09:14.0784 1452 tunmp - ok 15:09:14.0815 1452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 15:09:14.0846 1452 tunnel - ok 15:09:14.0877 1452 U46WDM1_01 (dd60662944aaabbf9d8c9e3bf8428cdf) C:\Windows\system32\DRIVERS\U46wdm.sys 15:09:14.0908 1452 U46WDM1_01 - ok 15:09:14.0940 1452 U46_AA (2e8dbf227a4d19ef14153f1435338508) C:\Windows\system32\DRIVERS\U46DRV.sys 15:09:14.0971 1452 U46_AA - ok 15:09:14.0986 1452 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 15:09:15.0018 1452 uagp35 - ok 15:09:15.0049 1452 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys 15:09:15.0064 1452 UBHelper - ok 15:09:15.0127 1452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 15:09:15.0158 1452 udfs - ok 15:09:15.0252 1452 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 15:09:15.0298 1452 UI0Detect - ok 15:09:15.0330 1452 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 15:09:15.0345 1452 uliagpkx - ok 15:09:15.0439 1452 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 15:09:15.0470 1452 uliahci - ok 15:09:15.0532 1452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 15:09:15.0548 1452 UlSata - ok 15:09:15.0595 1452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 15:09:15.0610 1452 ulsata2 - ok 15:09:15.0642 1452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 15:09:15.0673 1452 umbus - ok 15:09:15.0844 1452 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll 15:09:15.0907 1452 UmRdpService - ok 15:09:15.0969 1452 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 15:09:16.0016 1452 upnphost - ok 15:09:16.0063 1452 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 15:09:16.0094 1452 upperdev - ok 15:09:16.0110 1452 USBAAPL - ok 15:09:16.0156 1452 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 15:09:16.0188 1452 usbaudio - ok 15:09:16.0234 1452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 15:09:16.0281 1452 usbccgp - ok 15:09:16.0328 1452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 15:09:16.0390 1452 usbcir - ok 15:09:16.0453 1452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 15:09:16.0468 1452 usbehci - ok 15:09:16.0562 1452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 15:09:16.0578 1452 usbhub - ok 15:09:16.0624 1452 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 15:09:16.0687 1452 usbohci - ok 15:09:16.0718 1452 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 15:09:16.0749 1452 usbprint - ok 15:09:16.0796 1452 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 15:09:16.0812 1452 usbscan - ok 15:09:16.0843 1452 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys 15:09:16.0874 1452 usbser - ok 15:09:16.0921 1452 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 15:09:16.0968 1452 UsbserFilt - ok 15:09:16.0983 1452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:09:17.0030 1452 USBSTOR - ok 15:09:17.0061 1452 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 15:09:17.0077 1452 usbuhci - ok 15:09:17.0108 1452 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 15:09:17.0139 1452 usbvideo - ok 15:09:17.0155 1452 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 15:09:17.0202 1452 UxSms - ok 15:09:17.0264 1452 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 15:09:17.0311 1452 vds - ok 15:09:17.0358 1452 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 15:09:17.0404 1452 vga - ok 15:09:17.0545 1452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 15:09:17.0592 1452 VgaSave - ok 15:09:17.0607 1452 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 15:09:17.0623 1452 viaagp - ok 15:09:17.0638 1452 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 15:09:17.0670 1452 ViaC7 - ok 15:09:17.0748 1452 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 15:09:17.0763 1452 viaide - ok 15:09:17.0794 1452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 15:09:17.0810 1452 volmgr - ok 15:09:17.0888 1452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 15:09:17.0935 1452 volmgrx - ok 15:09:18.0044 1452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 15:09:18.0060 1452 volsnap - ok 15:09:18.0138 1452 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 15:09:18.0153 1452 vsmraid - ok 15:09:18.0418 1452 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 15:09:18.0465 1452 VSS - ok 15:09:18.0824 1452 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 15:09:18.0855 1452 W32Time - ok 15:09:19.0105 1452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 15:09:19.0152 1452 WacomPen - ok 15:09:19.0292 1452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:09:19.0339 1452 Wanarp - ok 15:09:19.0339 1452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:09:19.0370 1452 Wanarpv6 - ok 15:09:19.0588 1452 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe 15:09:19.0822 1452 wbengine - ok 15:09:19.0916 1452 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 15:09:19.0963 1452 wcncsvc - ok 15:09:20.0041 1452 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 15:09:20.0088 1452 WcsPlugInService - ok 15:09:20.0181 1452 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 15:09:20.0197 1452 Wd - ok 15:09:20.0337 1452 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:09:20.0400 1452 Wdf01000 - ok 15:09:20.0431 1452 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 15:09:20.0462 1452 WdiServiceHost - ok 15:09:20.0462 1452 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 15:09:20.0493 1452 WdiSystemHost - ok 15:09:20.0524 1452 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 15:09:20.0571 1452 WebClient - ok 15:09:20.0680 1452 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 15:09:20.0758 1452 Wecsvc - ok 15:09:20.0836 1452 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 15:09:20.0868 1452 wercplsupport - ok 15:09:20.0946 1452 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 15:09:21.0008 1452 WerSvc - ok 15:09:21.0070 1452 WIBUKEY (4d7602b0b5ca33720cbe08cbc4a9d8e3) C:\Windows\system32\DRIVERS\WibuKey.sys 15:09:21.0117 1452 WIBUKEY - ok 15:09:21.0148 1452 Wibukey2 (1ac50e90995649803bacab62f5f48e2a) C:\Windows\system32\drivers\wibukey2.sys 15:09:21.0195 1452 Wibukey2 ( UnsignedFile.Multi.Generic ) - warning 15:09:21.0195 1452 Wibukey2 - detected UnsignedFile.Multi.Generic (1) 15:09:21.0320 1452 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 15:09:21.0351 1452 winachsf - ok 15:09:21.0538 1452 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 15:09:21.0554 1452 WinDefend - ok 15:09:21.0554 1452 WinHttpAutoProxySvc - ok 15:09:21.0741 1452 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 15:09:21.0772 1452 Winmgmt - ok 15:09:22.0131 1452 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 15:09:22.0225 1452 WinRM - ok 15:09:22.0350 1452 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 15:09:22.0412 1452 Wlansvc - ok 15:09:22.0443 1452 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:09:22.0459 1452 WmiAcpi - ok 15:09:22.0615 1452 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 15:09:22.0662 1452 wmiApSrv - ok 15:09:22.0911 1452 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 15:09:23.0098 1452 WMPNetworkSvc - ok 15:09:23.0130 1452 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 15:09:23.0161 1452 WPDBusEnum - ok 15:09:23.0301 1452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 15:09:23.0364 1452 WpdUsb - ok 15:09:23.0769 1452 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:09:23.0894 1452 WPFFontCache_v0400 - ok 15:09:24.0081 1452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 15:09:24.0144 1452 ws2ifsl - ok 15:09:24.0222 1452 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 15:09:24.0253 1452 wscsvc - ok 15:09:24.0300 1452 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys 15:09:24.0315 1452 WSDPrintDevice - ok 15:09:24.0331 1452 WSearch - ok 15:09:25.0064 1452 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 15:09:25.0314 1452 wuauserv - ok 15:09:25.0563 1452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:09:25.0610 1452 WUDFRd - ok 15:09:25.0750 1452 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 15:09:25.0766 1452 wudfsvc - ok 15:09:25.0813 1452 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 15:09:25.0860 1452 XAudio - ok 15:09:26.0000 1452 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe 15:09:26.0047 1452 XAudioService - ok 15:09:26.0094 1452 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0 15:09:28.0558 1452 \Device\Harddisk0\DR0 - ok 15:09:28.0590 1452 Boot (0x1200) (49a764a290c4d05be3a9fdffff1d90bb) \Device\Harddisk0\DR0\Partition0 15:09:28.0590 1452 \Device\Harddisk0\DR0\Partition0 - ok 15:09:28.0605 1452 Boot (0x1200) (7f0fc9d758beb7b22e2ffd824da3a7dc) \Device\Harddisk0\DR0\Partition1 15:09:28.0652 1452 \Device\Harddisk0\DR0\Partition1 - ok 15:09:28.0652 1452 ============================================================ 15:09:28.0652 1452 Scan finished 15:09:28.0652 1452 ============================================================ 15:09:28.0652 5796 Detected object count: 12 15:09:28.0652 5796 Actual detected object count: 12 15:10:03.0050 5796 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0050 5796 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0050 5796 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0050 5796 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0050 5796 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0050 5796 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0050 5796 IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0050 5796 IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 int15 ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:10:03.0066 5796 Wibukey2 ( UnsignedFile.Multi.Generic ) - skipped by user 15:10:03.0066 5796 Wibukey2 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Themen zu Problem mit Searchqu |
forum, hilfe!, installiert, neues, ordner, problem, proggi, programme, rechner, scan, scanner, seite, seiten, startseite, suche, suchmaschine, systemsteuerung, thema, trojaner, ungewollt, verschiedene, virenscanner, virus, windows |