Virus Windows Update Ukash..mich hats auch getroffen.Hier die Log Files...

nighthunter · 06.06.2012, 14:51

Mich hat der Virus auch getroffen.Es ist der neue,also der Windows update Ukash Virus.Ich hab die Anleitung soweit befolgt und die Log Files erstellt.
Wie ist nun das weitere vorgehen?

Dateien im Anhang.

Hohhe um schnelle Hilfe.Danke schon mal im vorraus.
Grüße Günni

cosinus · 08.06.2012, 13:53

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

nighthunter · 09.06.2012, 01:15

So,hab nun die Scans gemacht und alles befolgt.Hier die ergebnisse:

Ergebnis Vollscan mit Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-NOTEBOOK [Administrator]

Schutz: Deaktiviert

08.06.2012 17:24:13
mbam-log-2012-06-09 (00-41-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381836
Laufzeit: 54 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\SWIP Bp.scr (Trojan.Downloader) -> Keine Aktion durchgeführt.

(Ende)

und hier das Ergebnis vom ESET Online Scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e48de51f3e759141b1a5265420fb4471
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 12:03:01
# local_time=2012-06-09 02:03:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 10147503 10147503 0 0
# compatibility_mode=5892 16776573 100 100 23502 176728652 0 0
# compatibility_mode=8192 67108863 100 0 26620 26620 0 0
# scanned=120405
# found=0
# cleaned=0
# scan_time=4257

hab auch beides nochmal als anhang hinzugefügt.ich hoffe ihr könnt damit was anfangen und mein pc ist bald wieder clean.
übrigens mein thunderbird geht seit dem virus nicht mehr.es öffnet sich nur das suchfenster und im "hintergrund" wie son schatten die leiste oben mit start usw.kanns aber nicht anklicken.

cosinus · 09.06.2012, 22:59

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

nighthunter · 10.06.2012, 00:12

Hallo Arne,ich hab in der Vergangenheit noch keinen scan mit Malwarebytes gemacht.Somit ist das der erste scan und alles was im Log stand hab ich hier eingefügt.Hab ich was falsch gemacht?
Malwarebytes hat auch zwei sachen gefunden,die hab ich dann wie beschrieben auch mit Malwarebytes gelöscht.

cosinus · 10.06.2012, 00:38

Es war doch einfach nur eine Frage ob du schon mal vorher mit Malwarebytes gescannt hast

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

nighthunter · 10.06.2012, 10:05

War nicht böse gemeint,ich bin in solchen pc sachen eigentlich nicht so fit.nix für ungut.zu deinen fragen:

1. Der normale modus geht nicht wirklich,ich kann den rechner zwar normal hochfahren,aber sobald ich irgendetwas starten will (z.B. Firefox) oder nen Ordner öffnen will,reagiert er nicht mehr.die maus zeigt die Sanduhr und ansonsten kann ich machen was ich ich,er reagiert nicht.nicht mal auf Strg-Alt-Entf reagiert dann der rechner.
Das war übrigens vor dem scan mit Malwarebytes und Eset nicht so.Da konnt ich auch ins Internet und auch mal winamp anschmeißen.

2. Im Startmenü sieht eigentlich alles ganz gut aus,da vermisse ich so nix.Es sind 1 oder 2 Leere Ordner da,aber ich glaube das ist ok.Ist einmal von Codemasters (das spiel hab ich deinstalliert) und ein ordner namens "Deep Silver",der ist leer und damit kann ich nix anfangen.

Grüße Günni

cosinus · 10.06.2012, 16:10

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

nighthunter · 10.06.2012, 18:04

hi,so hier der neue log:

Code:

ATTFilter

OTL logfile created on: 10.06.2012 18:44:46 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = D:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,04% Memory free
6,19 Gb Paging File | 5,91 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 66,94 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 48,86 Gb Free Space | 45,28% Space Free | Partition Type: NTFS
 
Computer Name: GÜNTER-NOTEBOOK | User Name: Günter | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.10 18:35:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL(1).exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
SRV - File not found [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2012.05.09 10:18:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 10:18:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 18:47:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.09.26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- D:\4.Programme\eigen installierte Programme\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.09 10:18:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 10:18:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.12 11:56:23 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.10.12 11:56:23 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.09.14 23:16:40 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.17 02:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.20 19:30:44 | 000,223,432 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.06.29 09:16:48 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.09.07 17:21:02 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.09.07 17:21:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.05.27 19:33:58 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008.04.12 02:58:25 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.05 09:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 09:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.10.23 12:09:48 | 000,027,776 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\habu.sys -- (HabuFltr)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2965497&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 18:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.30 21:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components [2012.01.17 19:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.05.14 14:35:15 | 000,000,000 | ---D | M]
 
[2009.05.11 15:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Extensions
[2009.05.11 15:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.25 23:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Firefox\Profiles\hypg6nzk.default\extensions
[2011.05.14 14:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Firefox\Profiles\hypg6nzk.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.12.19 13:57:15 | 000,000,933 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\11-suche.xml
[2011.12.19 13:57:15 | 000,002,419 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 13:57:15 | 000,010,525 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\gmx-suche.xml
[2011.12.19 13:57:15 | 000,002,457 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\lastminute.xml
[2008.05.31 16:47:07 | 000,002,386 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\siteadvisor.xml
[2011.12.19 13:57:15 | 000,005,508 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\webde-suche.xml
[2012.02.24 18:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.05.30 11:36:37 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
File not found (No name found) -- C:\USERS\GÃ¼NTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYPG6NZK.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
File not found (No name found) -- C:\USERS\GÃ¼NTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYPG6NZK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\GÃ¼NTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYPG6NZK.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.05.03 18:47:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.06.01 13:22:18 | 000,874,008 | ---- | M] (ParallelGraphics) -- C:\Program Files\mozilla firefox\plugins\npCortona.dll
[2012.02.20 18:27:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2012.02.12 18:27:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 18:27:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 18:27:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 18:27:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 18:27:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 18:27:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Habu] C:\Programme\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Users\Günter\QTTask.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000..\Run: [AeroSnap] D:\4.Programme\eigen installierte Programme\aerosnap desktop tool\AeroSnap\AeroSnap.exe ()
O4 - Startup: C:\Users\Günter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar - Verknüpfung.lnk = C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15412A61-51FE-461E-B6F2-C96B014BA952}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 18:35:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL(1).exe
[2012.06.08 17:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.08 17:28:09 | 002,322,184 | ---- | C] (ESET) -- D:\Desktop\esetsmartinstaller_enu.exe
[2012.06.08 17:10:12 | 000,000,000 | ---D | C] -- C:\Users\Günter\AppData\Roaming\Malwarebytes
[2012.06.08 17:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.08 17:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.08 17:09:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.08 17:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.08 17:07:18 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.06 14:57:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.06.05 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2012.05.23 14:24:29 | 000,000,000 | ---D | C] -- D:\Desktop\satio
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 18:35:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL(1).exe
[2012.06.10 10:40:24 | 000,632,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.10 10:40:24 | 000,591,262 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.10 10:40:24 | 000,127,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.10 10:40:24 | 000,105,142 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.10 10:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 10:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BF11216-F512-47D3-8ED4-37E904FB2D1E}.job
[2012.06.10 10:28:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.06.10 10:28:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.10 10:28:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 10:28:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 01:21:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.10 01:11:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 00:49:09 | 002,322,184 | ---- | M] (ESET) -- D:\Desktop\esetsmartinstaller_enu.exe
[2012.06.08 17:09:37 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.08 17:07:32 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.07 14:54:44 | 000,001,356 | ---- | M] () -- C:\Users\Günter\AppData\Local\d3d9caps.dat
[2012.06.06 21:16:00 | 000,092,672 | ---- | M] () -- C:\Users\Günter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.06 15:01:41 | 000,302,592 | ---- | M] () -- D:\Desktop\rg6lxw0i.exe
[2012.06.06 14:57:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.06.06 14:55:51 | 000,000,000 | ---- | M] () -- C:\Users\Günter\defogger_reenable
[2012.06.06 14:54:28 | 000,050,477 | ---- | M] () -- D:\Desktop\Defogger.exe
[2012.06.03 02:06:43 | 008,650,698 | ---- | M] () -- D:\Desktop\Linkin Park -- BURN IT DOWN (RAC mix).mp3
[2012.05.31 14:11:45 | 006,030,580 | ---- | M] () -- D:\Desktop\Fun. - We Are Young (feat. Janelle Monáe).mp3
[2012.05.31 14:11:41 | 006,423,798 | ---- | M] () -- D:\Desktop\Of Monsters and Men - Little Talks.mp3
[2012.05.31 14:11:32 | 004,979,960 | ---- | M] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers)(1).mp3
[2012.05.31 14:11:24 | 004,719,837 | ---- | M] () -- D:\Desktop\Train - Drive By.mp3
[2012.05.31 14:11:16 | 005,080,306 | ---- | M] () -- D:\Desktop\Nicki Minaj - Starships.mp3
[2012.05.31 14:11:09 | 004,981,979 | ---- | M] () -- D:\Desktop\Pitbull - Back In Time (feat. in MIB3).mp3
[2012.05.31 14:11:00 | 006,423,780 | ---- | M] () -- D:\Desktop\Gossip - Perfect World.mp3
[2012.05.31 14:10:49 | 006,882,533 | ---- | M] () -- D:\Desktop\Lana Del Rey - Born to Die.mp3
[2012.05.31 14:10:37 | 004,293,853 | ---- | M] () -- D:\Desktop\DJane HouseKat - My Party (feat. Rameez).mp3
[2012.05.31 14:10:25 | 005,395,687 | ---- | M] () -- D:\Desktop\Lykke Li - I Follow Rivers.mp3
[2012.05.31 14:10:17 | 004,752,621 | ---- | M] () -- D:\Desktop\Emeli Sandé - Next to Me.mp3
[2012.05.30 19:56:18 | 000,012,677 | ---- | M] () -- C:\Users\Günter\tyjqAqjUVUVdfLo
[2012.05.30 19:46:57 | 001,387,753 | ---- | M] () -- D:\Desktop\DSC_0013.JPG
[2012.05.30 19:46:36 | 001,663,402 | ---- | M] () -- D:\Desktop\DSC_0014.JPG
[2012.05.30 19:46:09 | 000,785,567 | ---- | M] () -- D:\Desktop\DSC_0015.JPG
[2012.05.27 12:23:29 | 005,899,499 | ---- | M] () -- D:\Desktop\Rihanna - Where Have You Been.mp3
[2012.05.19 15:36:07 | 006,161,646 | ---- | M] () -- D:\Desktop\Alex Clare - Too Close.mp3
[2012.05.19 15:35:52 | 004,965,624 | ---- | M] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers).mp3
[2012.05.19 15:35:31 | 005,276,900 | ---- | M] () -- D:\Desktop\Culcha Candela - Von Alleine.mp3
[2012.05.19 15:35:28 | 005,440,751 | ---- | M] () -- D:\Desktop\Taio Cruz - There She Goes (Feat . Pitbull).mp3
[2012.05.12 10:27:56 | 000,310,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.08 17:09:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 15:01:40 | 000,302,592 | ---- | C] () -- D:\Desktop\rg6lxw0i.exe
[2012.06.06 14:55:51 | 000,000,000 | ---- | C] () -- C:\Users\Günter\defogger_reenable
[2012.06.06 14:54:28 | 000,050,477 | ---- | C] () -- D:\Desktop\Defogger.exe
[2012.06.03 02:06:18 | 008,650,698 | ---- | C] () -- D:\Desktop\Linkin Park -- BURN IT DOWN (RAC mix).mp3
[2012.05.31 14:11:34 | 006,030,580 | ---- | C] () -- D:\Desktop\Fun. - We Are Young (feat. Janelle Monáe).mp3
[2012.05.31 14:11:26 | 006,423,798 | ---- | C] () -- D:\Desktop\Of Monsters and Men - Little Talks.mp3
[2012.05.31 14:11:21 | 004,979,960 | ---- | C] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers)(1).mp3
[2012.05.31 14:11:16 | 004,719,837 | ---- | C] () -- D:\Desktop\Train - Drive By.mp3
[2012.05.31 14:11:10 | 005,080,306 | ---- | C] () -- D:\Desktop\Nicki Minaj - Starships.mp3
[2012.05.31 14:11:04 | 004,981,979 | ---- | C] () -- D:\Desktop\Pitbull - Back In Time (feat. in MIB3).mp3
[2012.05.31 14:10:52 | 006,423,780 | ---- | C] () -- D:\Desktop\Gossip - Perfect World.mp3
[2012.05.31 14:10:41 | 006,882,533 | ---- | C] () -- D:\Desktop\Lana Del Rey - Born to Die.mp3
[2012.05.31 14:10:34 | 004,293,853 | ---- | C] () -- D:\Desktop\DJane HouseKat - My Party (feat. Rameez).mp3
[2012.05.31 14:10:19 | 005,395,687 | ---- | C] () -- D:\Desktop\Lykke Li - I Follow Rivers.mp3
[2012.05.31 14:10:11 | 004,752,621 | ---- | C] () -- D:\Desktop\Emeli Sandé - Next to Me.mp3
[2012.05.30 19:46:57 | 001,387,753 | ---- | C] () -- D:\Desktop\DSC_0013.JPG
[2012.05.30 19:46:37 | 001,663,402 | ---- | C] () -- D:\Desktop\DSC_0014.JPG
[2012.05.30 19:46:10 | 000,785,567 | ---- | C] () -- D:\Desktop\DSC_0015.JPG
[2012.05.27 12:23:19 | 005,899,499 | ---- | C] () -- D:\Desktop\Rihanna - Where Have You Been.mp3
[2012.05.19 15:35:55 | 006,161,646 | ---- | C] () -- D:\Desktop\Alex Clare - Too Close.mp3
[2012.05.19 15:35:45 | 004,965,624 | ---- | C] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers).mp3
[2012.05.19 15:35:20 | 005,276,900 | ---- | C] () -- D:\Desktop\Culcha Candela - Von Alleine.mp3
[2012.05.19 15:35:16 | 005,440,751 | ---- | C] () -- D:\Desktop\Taio Cruz - There She Goes (Feat . Pitbull).mp3
[2011.11.19 08:10:21 | 000,000,144 | ---- | C] () -- C:\Windows\wiso.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.19 00:15:33 | 000,000,001 | ---- | C] () -- C:\Windows\System32\krx240.dat
 
========== LOP Check ==========
 
[2008.06.15 02:37:10 | 000,000,000 | -HSD | M] -- C:\Users\Günter\AppData\Roaming\.#
[2008.06.03 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer
[2012.06.06 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer GameZone Console
[2009.12.27 20:39:46 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\AeroSnapApp
[2012.03.05 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Amazon
[2011.03.02 07:24:04 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Bump Technologies, Inc
[2012.06.06 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Desktop Sidebar
[2012.06.06 14:07:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DriverCure
[2010.06.04 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\elsterformular
[2008.06.05 08:29:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\eSobi
[2009.05.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FairStars CD Ripper
[2009.11.20 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\GetRightToGo
[2012.05.30 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\gtk-2.0
[2012.06.06 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IcoFX
[2010.12.19 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Kristanix Software
[2009.12.21 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Leadertech
[2010.10.23 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Macro Recorder
[2009.04.04 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NAVIGON
[2009.05.18 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NCH Swift Sound
[2012.01.21 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Need for Speed World
[2009.02.09 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenOffice.org
[2012.06.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2010.04.24 05:57:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Razer
[2010.10.07 07:29:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Sony
[2008.11.30 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Steganos
[2008.05.28 03:17:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Template
[2009.05.11 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Thunderbird
[2009.11.20 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TrueCrypt
[2009.06.08 17:08:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TuneUp Software
[2008.05.27 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Validity
[2012.06.10 01:21:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.10 10:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7BF11216-F512-47D3-8ED4-37E904FB2D1E}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.15 02:37:10 | 000,000,000 | -HSD | M] -- C:\Users\Günter\AppData\Roaming\.#
[2008.06.03 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer
[2012.06.06 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer GameZone Console
[2011.12.03 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Adobe
[2009.12.27 20:39:46 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\AeroSnapApp
[2012.03.05 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Amazon
[2011.01.26 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Apple Computer
[2012.02.12 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Avira
[2011.03.02 07:24:04 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Bump Technologies, Inc
[2008.06.10 16:09:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\CyberLink
[2012.06.06 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Desktop Sidebar
[2012.06.06 14:07:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DriverCure
[2011.01.30 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\dvdcss
[2010.06.04 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\elsterformular
[2008.06.05 08:29:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\eSobi
[2009.05.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FairStars CD Ripper
[2009.11.20 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\GetRightToGo
[2008.05.30 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Google
[2012.05.30 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\gtk-2.0
[2012.06.06 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IcoFX
[2008.05.27 12:40:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Identities
[2010.04.16 06:54:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\InstallShield
[2010.12.19 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Kristanix Software
[2009.12.21 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Leadertech
[2010.10.23 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Macro Recorder
[2008.05.27 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Macromedia
[2012.06.08 17:10:12 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Media Center Programs
[2011.12.03 19:56:28 | 000,000,000 | --SD | M] -- C:\Users\Günter\AppData\Roaming\Microsoft
[2008.12.16 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Mozilla
[2009.04.04 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NAVIGON
[2009.05.18 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NCH Swift Sound
[2012.01.21 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Need for Speed World
[2009.12.21 20:25:02 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Nero
[2009.02.09 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenOffice.org
[2009.04.01 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenOffice.org2
[2012.06.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2010.04.24 05:57:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Razer
[2008.10.28 14:24:26 | 000,000,000 | RH-D | M] -- C:\Users\Günter\AppData\Roaming\SecuROM
[2010.10.07 07:29:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Sony
[2008.11.30 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Steganos
[2008.05.30 11:40:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Talkback
[2008.05.28 03:17:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Template
[2009.05.11 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Thunderbird
[2009.11.20 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TrueCrypt
[2009.06.08 17:08:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TuneUp Software
[2008.05.27 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Validity
[2008.10.29 22:22:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\vlc
[2011.12.16 17:24:53 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Winamp
[2008.12.30 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\WinRAR
[2008.05.28 03:22:57 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.03.21 21:40:01 | 000,158,000 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Thunderbird\Profiles\r6jncpu2.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.06.16 08:03:29 | 001,495,112 | ---- | M] () -- C:\install_flash_player.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 22:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E

< End of report >

cosinus · 10.06.2012, 18:53

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2965497&SearchSource=2&q="
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.06.05 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2008.06.15 02:37:10 | 000,000,000 | -HSD | M] -- C:\Users\Günter\AppData\Roaming\.#
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

nighthunter · 10.06.2012, 19:02

ok,hab ich gemacht:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Programme\Winload\prxtbWinl.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2965497&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Günter\AppData\Roaming\Pagrgr folder moved successfully.
C:\Users\Günter\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Application Data
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Günter
->Temp folder emptied: 22721550 bytes
->Temporary Internet Files folder emptied: 27329589 bytes
->Java cache emptied: 13333822 bytes
->FireFox cache emptied: 140230054 bytes
->Flash cache emptied: 53279 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8012082 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 334823 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 36750616 bytes
RecycleBin emptied: 4822242 bytes
 
Total Files Cleaned = 243,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Application Data
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Günter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06102012_195555

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 10.06.2012, 19:07

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

nighthunter · 10.06.2012, 21:53

So,erledigt.Hier der Report vom TDSS Killer:

Code:

ATTFilter

22:47:03.0206 4992	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:47:03.0942 4992	============================================================
22:47:03.0942 4992	Current date / time: 2012/06/10 22:47:03.0942
22:47:03.0942 4992	SystemInfo:
22:47:03.0942 4992	
22:47:03.0942 4992	OS Version: 6.0.6002 ServicePack: 2.0
22:47:03.0942 4992	Product type: Workstation
22:47:03.0943 4992	ComputerName: GÜNTER-NOTEBOOK
22:47:03.0943 4992	UserName: Günter
22:47:03.0943 4992	Windows directory: C:\Windows
22:47:03.0943 4992	System windows directory: C:\Windows
22:47:03.0943 4992	Processor architecture: Intel x86
22:47:03.0943 4992	Number of processors: 2
22:47:03.0943 4992	Page size: 0x1000
22:47:03.0943 4992	Boot type: Normal boot
22:47:03.0943 4992	============================================================
22:47:05.0519 4992	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:47:05.0523 4992	============================================================
22:47:05.0523 4992	\Device\Harddisk0\DR0:
22:47:05.0524 4992	MBR partitions:
22:47:05.0524 4992	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
22:47:05.0524 4992	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xD7CC800
22:47:05.0524 4992	============================================================
22:47:05.0555 4992	C: <-> \Device\Harddisk0\DR0\Partition0
22:47:05.0896 4992	D: <-> \Device\Harddisk0\DR0\Partition1
22:47:05.0897 4992	============================================================
22:47:05.0897 4992	Initialize success
22:47:05.0897 4992	============================================================
22:48:40.0356 5552	============================================================
22:48:40.0356 5552	Scan started
22:48:40.0356 5552	Mode: Manual; SigCheck; TDLFS; 
22:48:40.0356 5552	============================================================
22:48:40.0977 5552	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:48:41.0281 5552	ACPI - ok
22:48:41.0419 5552	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:48:41.0443 5552	AdobeARMservice - ok
22:48:41.0522 5552	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:48:41.0586 5552	adp94xx - ok
22:48:41.0699 5552	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:48:41.0761 5552	adpahci - ok
22:48:41.0817 5552	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:48:41.0851 5552	adpu160m - ok
22:48:41.0897 5552	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:48:41.0941 5552	adpu320 - ok
22:48:42.0000 5552	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:48:52.0350 5552	AeLookupSvc - ok
22:48:52.0520 5552	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:48:52.0810 5552	AFD - ok
22:48:52.0997 5552	AFS             (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys
22:48:53.0067 5552	AFS ( UnsignedFile.Multi.Generic ) - warning
22:48:53.0067 5552	AFS - detected UnsignedFile.Multi.Generic (1)
22:48:53.0179 5552	AgereModemAudio (8ed60797908fd394eee0d6949f493224) C:\Windows\system32\agrsmsvc.exe
22:48:53.0327 5552	AgereModemAudio - ok
22:48:54.0406 5552	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
22:48:54.0550 5552	AgereSoftModem - ok
22:48:55.0735 5552	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:48:55.0764 5552	agp440 - ok
22:48:55.0890 5552	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:48:55.0934 5552	aic78xx - ok
22:48:56.0090 5552	AlfaFF          (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys
22:48:56.0352 5552	AlfaFF - ok
22:48:56.0392 5552	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:48:56.0677 5552	ALG - ok
22:48:56.0732 5552	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:48:56.0762 5552	aliide - ok
22:48:57.0067 5552	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:48:57.0098 5552	amdagp - ok
22:48:57.0122 5552	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:48:57.0152 5552	amdide - ok
22:48:57.0444 5552	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:48:57.0564 5552	AmdK7 - ok
22:48:57.0883 5552	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:48:58.0013 5552	AmdK8 - ok
22:48:58.0424 5552	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:48:58.0453 5552	AntiVirSchedulerService - ok
22:48:58.0630 5552	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:48:58.0654 5552	AntiVirService - ok
22:48:58.0758 5552	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:48:58.0861 5552	Appinfo - ok
22:48:58.0990 5552	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:48:59.0020 5552	arc - ok
22:48:59.0093 5552	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:48:59.0123 5552	arcsas - ok
22:48:59.0225 5552	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:48:59.0671 5552	AsyncMac - ok
22:48:59.0726 5552	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:48:59.0764 5552	atapi - ok
22:48:59.0857 5552	atksgt          (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
22:48:59.0950 5552	atksgt - ok
22:49:00.0114 5552	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:49:00.0195 5552	AudioEndpointBuilder - ok
22:49:00.0205 5552	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:49:00.0282 5552	Audiosrv - ok
22:49:00.0617 5552	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
22:49:00.0650 5552	avgntflt - ok
22:49:00.0704 5552	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
22:49:00.0741 5552	avipbb - ok
22:49:00.0849 5552	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:49:00.0879 5552	avkmgr - ok
22:49:01.0049 5552	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:49:01.0201 5552	Beep - ok
22:49:01.0406 5552	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:49:01.0684 5552	BFE - ok
22:49:02.0231 5552	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
22:49:02.0413 5552	BITS - ok
22:49:02.0464 5552	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:49:02.0543 5552	blbdrive - ok
22:49:02.0955 5552	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:49:03.0122 5552	bowser - ok
22:49:03.0215 5552	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:49:03.0505 5552	BrFiltLo - ok
22:49:03.0557 5552	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:49:03.0800 5552	BrFiltUp - ok
22:49:03.0850 5552	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:49:03.0933 5552	Browser - ok
22:49:04.0092 5552	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:49:04.0460 5552	Brserid - ok
22:49:04.0504 5552	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:49:04.0640 5552	BrSerWdm - ok
22:49:04.0666 5552	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:49:04.0876 5552	BrUsbMdm - ok
22:49:04.0909 5552	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:49:05.0169 5552	BrUsbSer - ok
22:49:05.0350 5552	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
22:49:05.0445 5552	BthEnum - ok
22:49:05.0554 5552	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
22:49:05.0626 5552	BTHMODEM - ok
22:49:05.0682 5552	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
22:49:05.0766 5552	BthPan - ok
22:49:05.0882 5552	BthPort         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
22:49:06.0000 5552	BthPort - ok
22:49:06.0050 5552	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
22:49:06.0134 5552	BthServ - ok
22:49:06.0201 5552	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
22:49:06.0267 5552	BTHUSB - ok
22:49:06.0313 5552	btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
22:49:06.0343 5552	btwaudio - ok
22:49:06.0403 5552	btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
22:49:06.0432 5552	btwavdt - ok
22:49:06.0481 5552	btwrchid        (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
22:49:06.0515 5552	btwrchid - ok
22:49:06.0658 5552	BUNAgentSvc     (610ab863245f18e21d90f15da4ed1953) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
22:49:06.0677 5552	BUNAgentSvc - ok
22:49:06.0753 5552	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:49:06.0840 5552	cdfs - ok
22:49:06.0894 5552	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:49:06.0972 5552	cdrom - ok
22:49:07.0046 5552	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:49:07.0149 5552	CertPropSvc - ok
22:49:07.0269 5552	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
22:49:07.0347 5552	circlass - ok
22:49:07.0462 5552	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:49:07.0500 5552	CLFS - ok
22:49:07.0654 5552	CLHNService     (5ca9b1062c0c3e3ae19c23ad9d8a5048) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
22:49:07.0699 5552	CLHNService ( UnsignedFile.Multi.Generic ) - warning
22:49:07.0699 5552	CLHNService - detected UnsignedFile.Multi.Generic (1)
22:49:07.0792 5552	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:49:07.0823 5552	clr_optimization_v2.0.50727_32 - ok
22:49:07.0895 5552	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:07.0982 5552	CmBatt - ok
22:49:08.0128 5552	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:49:08.0171 5552	cmdide - ok
22:49:08.0200 5552	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:49:08.0231 5552	Compbatt - ok
22:49:08.0247 5552	COMSysApp - ok
22:49:08.0323 5552	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:49:08.0357 5552	crcdisk - ok
22:49:08.0402 5552	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:49:08.0497 5552	Crusoe - ok
22:49:08.0619 5552	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:49:08.0728 5552	CryptSvc - ok
22:49:08.0863 5552	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:49:08.0959 5552	DcomLaunch - ok
22:49:09.0062 5552	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:49:09.0137 5552	DfsC - ok
22:49:09.0564 5552	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:49:09.0862 5552	DFSR - ok
22:49:10.0148 5552	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:49:10.0285 5552	Dhcp - ok
22:49:10.0385 5552	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:49:10.0418 5552	disk - ok
22:49:10.0477 5552	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
22:49:10.0503 5552	DKbFltr - ok
22:49:10.0568 5552	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:49:10.0662 5552	Dnscache - ok
22:49:10.0806 5552	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:49:10.0908 5552	dot3svc - ok
22:49:11.0027 5552	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:49:11.0101 5552	DPS - ok
22:49:11.0240 5552	DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
22:49:11.0264 5552	DritekPortIO - ok
22:49:11.0354 5552	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:49:11.0425 5552	drmkaud - ok
22:49:11.0511 5552	DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:49:11.0620 5552	DXGKrnl - ok
22:49:11.0726 5552	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:49:11.0846 5552	E1G60 - ok
22:49:11.0907 5552	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:49:11.0972 5552	EapHost - ok
22:49:12.0081 5552	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:49:12.0128 5552	Ecache - ok
22:49:12.0296 5552	eDataSecurity Service (b7dc2580425225c320ceda78de55a3d0) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
22:49:12.0376 5552	eDataSecurity Service - ok
22:49:12.0473 5552	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:49:12.0583 5552	ehRecvr - ok
22:49:12.0641 5552	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:49:12.0715 5552	ehSched - ok
22:49:12.0749 5552	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:49:12.0797 5552	ehstart - ok
22:49:13.0135 5552	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:49:13.0210 5552	elxstor - ok
22:49:13.0359 5552	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:49:13.0482 5552	EMDMgmt - ok
22:49:13.0526 5552	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:49:13.0602 5552	ErrDev - ok
22:49:13.0768 5552	ETService       (58d906d84cc2e303c754ac7314595d3c) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
22:49:13.0836 5552	ETService ( UnsignedFile.Multi.Generic ) - warning
22:49:13.0836 5552	ETService - detected UnsignedFile.Multi.Generic (1)
22:49:13.0901 5552	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:49:13.0997 5552	EventSystem - ok
22:49:14.0063 5552	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:49:14.0128 5552	exfat - ok
22:49:14.0186 5552	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:49:14.0265 5552	fastfat - ok
22:49:14.0319 5552	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:49:14.0399 5552	fdc - ok
22:49:14.0449 5552	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:49:14.0516 5552	fdPHost - ok
22:49:14.0544 5552	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:49:14.0685 5552	FDResPub - ok
22:49:14.0770 5552	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:49:14.0805 5552	FileInfo - ok
22:49:14.0843 5552	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:49:14.0944 5552	Filetrace - ok
22:49:14.0981 5552	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:49:15.0063 5552	flpydisk - ok
22:49:15.0118 5552	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:49:15.0181 5552	FltMgr - ok
22:49:15.0419 5552	FontCache       (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
22:49:15.0545 5552	FontCache - ok
22:49:15.0650 5552	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:49:15.0679 5552	FontCache3.0.0.0 - ok
22:49:15.0848 5552	FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) D:\4.Programme\eigen installierte Programme\Sync\FreeAgentService.exe
22:49:15.0875 5552	FreeAgentGoNext Service - ok
22:49:15.0940 5552	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:49:16.0009 5552	Fs_Rec - ok
22:49:16.0050 5552	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:49:16.0081 5552	gagp30kx - ok
22:49:16.0130 5552	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
22:49:16.0153 5552	ggflt - ok
22:49:16.0209 5552	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
22:49:16.0231 5552	ggsemc - ok
22:49:16.0352 5552	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:49:16.0450 5552	gpsvc - ok
22:49:16.0629 5552	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:49:16.0654 5552	gupdate - ok
22:49:16.0662 5552	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:49:16.0690 5552	gupdatem - ok
22:49:16.0775 5552	HabuFltr        (828b3fd539b77d69fcce0c710101e91e) C:\Windows\system32\drivers\habu.sys
22:49:16.0844 5552	HabuFltr - ok
22:49:16.0962 5552	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:49:17.0099 5552	HdAudAddService - ok
22:49:17.0267 5552	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:49:17.0345 5552	HDAudBus - ok
22:49:17.0382 5552	HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
22:49:17.0428 5552	HidBth - ok
22:49:17.0473 5552	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
22:49:17.0520 5552	HidIr - ok
22:49:17.0563 5552	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
22:49:17.0644 5552	hidserv - ok
22:49:17.0665 5552	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:49:17.0737 5552	HidUsb - ok
22:49:17.0815 5552	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:49:17.0901 5552	hkmsvc - ok
22:49:18.0027 5552	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:49:18.0059 5552	HpCISSs - ok
22:49:18.0149 5552	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:49:18.0259 5552	HTTP - ok
22:49:18.0307 5552	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:49:18.0338 5552	i2omp - ok
22:49:18.0398 5552	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:49:18.0489 5552	i8042prt - ok
22:49:18.0713 5552	IAANTMON        (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:49:18.0766 5552	IAANTMON - ok
22:49:18.0831 5552	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
22:49:18.0859 5552	iaStor - ok
22:49:18.0927 5552	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:49:18.0981 5552	iaStorV - ok
22:49:19.0169 5552	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:49:19.0285 5552	idsvc - ok
22:49:19.0315 5552	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:49:19.0344 5552	iirsp - ok
22:49:19.0401 5552	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:49:19.0510 5552	IKEEXT - ok
22:49:19.0561 5552	int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
22:49:19.0590 5552	int15 ( UnsignedFile.Multi.Generic ) - warning
22:49:19.0590 5552	int15 - detected UnsignedFile.Multi.Generic (1)
22:49:19.0896 5552	IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
22:49:20.0097 5552	IntcAzAudAddService - ok
22:49:20.0379 5552	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:49:20.0408 5552	intelide - ok
22:49:20.0461 5552	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:49:20.0557 5552	intelppm - ok
22:49:20.0619 5552	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:49:20.0706 5552	IPBusEnum - ok
22:49:20.0744 5552	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:49:20.0834 5552	IpFilterDriver - ok
22:49:20.0948 5552	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:49:21.0051 5552	iphlpsvc - ok
22:49:21.0065 5552	IpInIp - ok
22:49:21.0117 5552	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:49:21.0185 5552	IPMIDRV - ok
22:49:21.0282 5552	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:49:21.0351 5552	IPNAT - ok
22:49:21.0378 5552	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:49:21.0460 5552	IRENUM - ok
22:49:21.0502 5552	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:49:21.0548 5552	isapnp - ok
22:49:21.0616 5552	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:49:21.0657 5552	iScsiPrt - ok
22:49:21.0740 5552	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:49:21.0774 5552	iteatapi - ok
22:49:21.0815 5552	itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
22:49:21.0893 5552	itecir - ok
22:49:21.0937 5552	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:49:21.0969 5552	iteraid - ok
22:49:22.0031 5552	JMCR            (8123f605779db22ffc67fa84b8381803) C:\Windows\system32\DRIVERS\jmcr.sys
22:49:22.0117 5552	JMCR - ok
22:49:22.0154 5552	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:49:22.0188 5552	kbdclass - ok
22:49:22.0228 5552	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:49:22.0291 5552	kbdhid - ok
22:49:22.0340 5552	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:49:22.0412 5552	KeyIso - ok
22:49:22.0474 5552	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:49:22.0590 5552	KSecDD - ok
22:49:22.0661 5552	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:49:22.0774 5552	KtmRm - ok
22:49:22.0848 5552	L1E             (03afb2705e68703e165cd817779b472f) C:\Windows\system32\DRIVERS\L1E60x86.sys
22:49:22.0913 5552	L1E - ok
22:49:22.0958 5552	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
22:49:23.0035 5552	LanmanServer - ok
22:49:23.0110 5552	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:49:23.0196 5552	LanmanWorkstation - ok
22:49:23.0366 5552	LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:49:23.0377 5552	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:49:23.0377 5552	LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:49:23.0463 5552	lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
22:49:23.0492 5552	lirsgt - ok
22:49:23.0529 5552	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:49:23.0585 5552	lltdio - ok
22:49:23.0669 5552	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:49:23.0770 5552	lltdsvc - ok
22:49:23.0818 5552	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:49:23.0939 5552	lmhosts - ok
22:49:23.0989 5552	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:49:24.0021 5552	LSI_FC - ok
22:49:24.0053 5552	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:49:24.0087 5552	LSI_SAS - ok
22:49:24.0186 5552	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:49:24.0227 5552	LSI_SCSI - ok
22:49:24.0308 5552	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:49:24.0383 5552	luafv - ok
22:49:24.0431 5552	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:49:24.0466 5552	MBAMProtector - ok
22:49:24.0567 5552	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:49:24.0628 5552	MBAMService - ok
22:49:24.0687 5552	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:49:24.0760 5552	Mcx2Svc - ok
22:49:24.0795 5552	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:49:24.0830 5552	megasas - ok
22:49:24.0916 5552	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:49:24.0975 5552	MegaSR - ok
22:49:25.0014 5552	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:49:25.0092 5552	MMCSS - ok
22:49:25.0132 5552	MobilityService - ok
22:49:25.0165 5552	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:49:25.0259 5552	Modem - ok
22:49:25.0318 5552	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:49:25.0375 5552	monitor - ok
22:49:25.0432 5552	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:49:25.0470 5552	mouclass - ok
22:49:25.0484 5552	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:49:25.0545 5552	mouhid - ok
22:49:25.0571 5552	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:49:25.0604 5552	MountMgr - ok
22:49:25.0716 5552	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:49:25.0766 5552	MozillaMaintenance - ok
22:49:25.0845 5552	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:49:25.0902 5552	mpio - ok
22:49:25.0948 5552	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:49:26.0017 5552	mpsdrv - ok
22:49:26.0119 5552	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:49:26.0227 5552	MpsSvc - ok
22:49:26.0302 5552	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:49:26.0334 5552	Mraid35x - ok
22:49:26.0412 5552	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:49:26.0492 5552	MRxDAV - ok
22:49:26.0549 5552	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:49:26.0682 5552	mrxsmb - ok
22:49:26.0766 5552	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:49:26.0864 5552	mrxsmb10 - ok
22:49:26.0918 5552	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:49:26.0976 5552	mrxsmb20 - ok
22:49:27.0026 5552	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:49:27.0104 5552	msahci - ok
22:49:27.0154 5552	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:49:27.0188 5552	msdsm - ok
22:49:27.0302 5552	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:49:27.0391 5552	MSDTC - ok
22:49:27.0418 5552	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:49:27.0556 5552	Msfs - ok
22:49:27.0612 5552	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:49:27.0645 5552	msisadrv - ok
22:49:27.0745 5552	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:49:27.0849 5552	MSiSCSI - ok
22:49:27.0858 5552	msiserver - ok
22:49:27.0910 5552	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:49:27.0973 5552	MSKSSRV - ok
22:49:27.0999 5552	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:49:28.0076 5552	MSPCLOCK - ok
22:49:28.0102 5552	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:49:28.0176 5552	MSPQM - ok
22:49:28.0222 5552	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:49:28.0273 5552	MsRPC - ok
22:49:28.0313 5552	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:49:28.0347 5552	mssmbios - ok
22:49:28.0369 5552	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:49:28.0459 5552	MSTEE - ok
22:49:28.0497 5552	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:49:28.0532 5552	Mup - ok
22:49:28.0610 5552	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:49:28.0725 5552	napagent - ok
22:49:28.0850 5552	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:49:28.0920 5552	NativeWifiP - ok
22:49:29.0039 5552	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:49:29.0095 5552	NDIS - ok
22:49:29.0127 5552	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:49:29.0196 5552	NdisTapi - ok
22:49:29.0229 5552	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:49:29.0294 5552	Ndisuio - ok
22:49:29.0345 5552	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:49:29.0420 5552	NdisWan - ok
22:49:29.0476 5552	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:49:29.0532 5552	NDProxy - ok
22:49:29.0562 5552	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:49:29.0629 5552	NetBIOS - ok
22:49:29.0713 5552	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:49:29.0824 5552	netbt - ok
22:49:29.0906 5552	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:49:29.0950 5552	Netlogon - ok
22:49:30.0028 5552	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:49:30.0152 5552	Netman - ok
22:49:30.0200 5552	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:49:30.0345 5552	netprofm - ok
22:49:30.0458 5552	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:49:30.0519 5552	NetTcpPortSharing - ok
22:49:30.0995 5552	NETw4v32        (caaea35dae7f4c19db05481dac22c2ba) C:\Windows\system32\DRIVERS\NETw4v32.sys
22:49:31.0336 5552	NETw4v32 - ok
22:49:31.0545 5552	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:49:31.0573 5552	nfrd960 - ok
22:49:31.0646 5552	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:49:31.0715 5552	NlaSvc - ok
22:49:31.0766 5552	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:49:31.0836 5552	Npfs - ok
22:49:31.0859 5552	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:49:31.0970 5552	nsi - ok
22:49:32.0020 5552	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:49:32.0082 5552	nsiproxy - ok
22:49:32.0244 5552	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:49:32.0421 5552	Ntfs - ok
22:49:32.0528 5552	NTIBackupSvc    (a8b8edb4cdb2927cdc127e5bfe85ca7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:49:32.0570 5552	NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
22:49:32.0570 5552	NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
22:49:32.0816 5552	NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
22:49:32.0841 5552	NTIDrvr - ok
22:49:33.0009 5552	NTIPPKernel     (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
22:49:33.0072 5552	NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
22:49:33.0072 5552	NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
22:49:33.0118 5552	NTISchedulerSvc (50b1521bc145ce9634a5acd1c10d84f7) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:49:33.0169 5552	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
22:49:33.0169 5552	NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
22:49:33.0207 5552	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:49:33.0350 5552	ntrigdigi - ok
22:49:33.0406 5552	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:49:33.0499 5552	Null - ok
22:49:35.0323 5552	nvlddmkm        (747ab0334b95e5cf91b7cf63f9005530) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:49:36.0518 5552	nvlddmkm - ok
22:49:36.0795 5552	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:49:36.0830 5552	nvraid - ok
22:49:36.0877 5552	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:49:36.0906 5552	nvstor - ok
22:49:36.0978 5552	nvsvc - ok
22:49:37.0030 5552	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:49:37.0108 5552	nv_agp - ok
22:49:37.0115 5552	NwlnkFlt - ok
22:49:37.0125 5552	NwlnkFwd - ok
22:49:37.0177 5552	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:49:37.0296 5552	ohci1394 - ok
22:49:37.0455 5552	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:49:37.0605 5552	p2pimsvc - ok
22:49:37.0618 5552	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:49:37.0694 5552	p2psvc - ok
22:49:37.0792 5552	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:49:37.0895 5552	Parport - ok
22:49:37.0938 5552	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
22:49:37.0972 5552	partmgr - ok
22:49:38.0008 5552	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:49:38.0154 5552	Parvdm - ok
22:49:38.0223 5552	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:49:38.0325 5552	PcaSvc - ok
22:49:38.0388 5552	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:49:38.0438 5552	pci - ok
22:49:38.0490 5552	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:49:38.0520 5552	pciide - ok
22:49:38.0570 5552	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:49:38.0609 5552	pcmcia - ok
22:49:38.0781 5552	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:49:38.0988 5552	PEAUTH - ok
22:49:39.0241 5552	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:49:39.0439 5552	pla - ok
22:49:39.0685 5552	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:49:39.0790 5552	PlugPlay - ok
22:49:39.0907 5552	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:49:39.0990 5552	PNRPAutoReg - ok
22:49:40.0007 5552	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:49:40.0086 5552	PNRPsvc - ok
22:49:40.0226 5552	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:49:40.0345 5552	PolicyAgent - ok
22:49:40.0446 5552	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:49:40.0538 5552	PptpMiniport - ok
22:49:40.0572 5552	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:49:40.0741 5552	Processor - ok
22:49:40.0816 5552	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:49:40.0907 5552	ProfSvc - ok
22:49:40.0954 5552	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:49:41.0030 5552	ProtectedStorage - ok
22:49:41.0103 5552	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:49:41.0210 5552	PSched - ok
22:49:41.0294 5552	PSDFilter       (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
22:49:41.0331 5552	PSDFilter - ok
22:49:41.0369 5552	PSDNServ        (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
22:49:41.0402 5552	PSDNServ - ok
22:49:41.0450 5552	psdvdisk        (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
22:49:41.0482 5552	psdvdisk - ok
22:49:41.0540 5552	PxHelp20        (81088114178112618b1c414a65e50f7c) C:\Windows\system32\Drivers\PxHelp20.sys
22:49:41.0575 5552	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:49:41.0575 5552	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:49:41.0776 5552	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:49:41.0945 5552	ql2300 - ok
22:49:41.0987 5552	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:49:42.0056 5552	ql40xx - ok
22:49:42.0183 5552	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:49:42.0283 5552	QWAVE - ok
22:49:42.0350 5552	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:49:42.0409 5552	QWAVEdrv - ok
22:49:42.0436 5552	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:49:42.0549 5552	RasAcd - ok
22:49:42.0690 5552	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:49:42.0824 5552	RasAuto - ok
22:49:42.0867 5552	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:49:42.0983 5552	Rasl2tp - ok
22:49:43.0054 5552	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:49:43.0159 5552	RasMan - ok
22:49:43.0203 5552	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:49:43.0301 5552	RasPppoe - ok
22:49:43.0337 5552	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:49:43.0392 5552	RasSstp - ok
22:49:43.0524 5552	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:49:43.0646 5552	rdbss - ok
22:49:43.0796 5552	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:49:43.0922 5552	RDPCDD - ok
22:49:44.0026 5552	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:49:44.0135 5552	rdpdr - ok
22:49:44.0165 5552	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:49:44.0261 5552	RDPENCDD - ok
22:49:44.0364 5552	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:49:44.0476 5552	RDPWD - ok
22:49:44.0539 5552	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:49:44.0639 5552	RemoteAccess - ok
22:49:44.0694 5552	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:49:44.0827 5552	RemoteRegistry - ok
22:49:44.0906 5552	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
22:49:44.0989 5552	RFCOMM - ok
22:49:45.0039 5552	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:49:45.0261 5552	RpcLocator - ok
22:49:45.0379 5552	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:49:45.0465 5552	RpcSs - ok
22:49:45.0506 5552	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:49:45.0599 5552	rspndr - ok
22:49:45.0679 5552	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
22:49:45.0749 5552	s1018bus - ok
22:49:45.0788 5552	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
22:49:45.0813 5552	s1018mdfl - ok
22:49:45.0869 5552	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
22:49:45.0895 5552	s1018mdm - ok
22:49:45.0951 5552	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
22:49:46.0010 5552	s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
22:49:46.0010 5552	s1018mgmt - detected UnsignedFile.Multi.Generic (1)
22:49:46.0038 5552	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
22:49:46.0064 5552	s1018nd5 - ok
22:49:46.0091 5552	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
22:49:46.0166 5552	s1018obex - ok
22:49:46.0197 5552	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
22:49:46.0224 5552	s1018unic - ok
22:49:46.0305 5552	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:49:46.0341 5552	SamSs - ok
22:49:46.0375 5552	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:49:46.0408 5552	sbp2port - ok
22:49:46.0473 5552	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:49:46.0569 5552	SCardSvr - ok
22:49:46.0655 5552	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:49:46.0766 5552	Schedule - ok
22:49:46.0831 5552	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:49:46.0890 5552	SCPolicySvc - ok
22:49:46.0923 5552	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:49:47.0003 5552	SDRSVC - ok
22:49:47.0045 5552	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:49:47.0165 5552	secdrv - ok
22:49:47.0220 5552	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:49:47.0286 5552	seclogon - ok
22:49:47.0357 5552	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
22:49:47.0424 5552	seehcri - ok
22:49:47.0445 5552	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
22:49:47.0535 5552	SENS - ok
22:49:47.0574 5552	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:49:47.0679 5552	Serenum - ok
22:49:47.0729 5552	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:49:47.0830 5552	Serial - ok
22:49:47.0855 5552	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:49:47.0920 5552	sermouse - ok
22:49:47.0981 5552	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:49:48.0052 5552	SessionEnv - ok
22:49:48.0120 5552	sfdrv01         (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
22:49:48.0157 5552	sfdrv01 - ok
22:49:48.0177 5552	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:49:48.0222 5552	sffdisk - ok
22:49:48.0275 5552	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:49:48.0340 5552	sffp_mmc - ok
22:49:48.0371 5552	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:49:48.0426 5552	sffp_sd - ok
22:49:48.0467 5552	sfhlp02         (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
22:49:48.0498 5552	sfhlp02 - ok
22:49:48.0520 5552	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:49:48.0641 5552	sfloppy - ok
22:49:48.0690 5552	sfsync04        (c526ad307ff1900bc4c864f74553f762) C:\Windows\system32\drivers\sfsync04.sys
22:49:48.0722 5552	sfsync04 - ok
22:49:48.0802 5552	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:49:48.0947 5552	SharedAccess - ok
22:49:49.0022 5552	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:49:49.0132 5552	ShellHWDetection - ok
22:49:49.0179 5552	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:49:49.0256 5552	sisagp - ok
22:49:49.0313 5552	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:49:49.0345 5552	SiSRaid2 - ok
22:49:49.0384 5552	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:49:49.0418 5552	SiSRaid4 - ok
22:49:49.0961 5552	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:49:50.0211 5552	slsvc - ok
22:49:50.0481 5552	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:49:50.0597 5552	SLUINotify - ok
22:49:50.0714 5552	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:49:50.0810 5552	Smb - ok
22:49:50.0900 5552	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:49:50.0982 5552	SNMPTRAP - ok
22:49:51.0017 5552	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:49:51.0046 5552	spldr - ok
22:49:51.0139 5552	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:49:51.0256 5552	Spooler - ok
22:49:51.0382 5552	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:49:51.0487 5552	srv - ok
22:49:51.0559 5552	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:49:51.0643 5552	srv2 - ok
22:49:51.0730 5552	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:49:51.0798 5552	srvnet - ok
22:49:51.0882 5552	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:49:51.0966 5552	SSDPSRV - ok
22:49:52.0057 5552	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:49:52.0082 5552	ssmdrv - ok
22:49:52.0143 5552	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:49:52.0187 5552	SstpSvc - ok
22:49:52.0303 5552	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:49:52.0379 5552	stisvc - ok
22:49:52.0453 5552	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:49:52.0483 5552	swenum - ok
22:49:52.0577 5552	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:49:52.0651 5552	swprv - ok
22:49:52.0677 5552	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:49:52.0704 5552	Symc8xx - ok
22:49:52.0748 5552	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:49:52.0775 5552	Sym_hi - ok
22:49:52.0817 5552	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:49:52.0843 5552	Sym_u3 - ok
22:49:52.0912 5552	SynTP           (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
22:49:52.0998 5552	SynTP - ok
22:49:53.0094 5552	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:49:53.0175 5552	SysMain - ok
22:49:53.0264 5552	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:49:53.0354 5552	TabletInputService - ok
22:49:53.0439 5552	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:49:53.0622 5552	TapiSrv - ok
22:49:53.0721 5552	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:49:53.0832 5552	TBS - ok
22:49:54.0064 5552	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
22:49:54.0196 5552	Tcpip - ok
22:49:54.0228 5552	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
22:49:54.0367 5552	Tcpip6 - ok
22:49:54.0415 5552	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:49:54.0471 5552	tcpipreg - ok
22:49:54.0525 5552	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:49:54.0585 5552	TDPIPE - ok
22:49:54.0613 5552	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:49:54.0735 5552	TDTCP - ok
22:49:54.0846 5552	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:49:54.0905 5552	tdx - ok
22:49:54.0965 5552	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:49:55.0009 5552	TermDD - ok
22:49:55.0113 5552	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:49:55.0246 5552	TermService - ok
22:49:55.0342 5552	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:49:55.0386 5552	Themes - ok
22:49:55.0455 5552	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:49:55.0534 5552	THREADORDER - ok
22:49:55.0605 5552	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:49:55.0708 5552	TrkWks - ok
22:49:55.0810 5552	truecrypt       (6ec1d6ed5471c99ffc38abe498a6df08) C:\Windows\system32\drivers\truecrypt.sys
22:49:55.0871 5552	truecrypt - ok
22:49:55.0939 5552	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:49:55.0995 5552	TrustedInstaller - ok
22:49:56.0112 5552	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:49:56.0172 5552	tssecsrv - ok
22:49:56.0343 5552	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:49:56.0455 5552	tunmp - ok
22:49:56.0512 5552	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:49:56.0548 5552	tunnel - ok
22:49:56.0626 5552	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:49:56.0659 5552	uagp35 - ok
22:49:56.0690 5552	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
22:49:56.0715 5552	UBHelper - ok
22:49:56.0781 5552	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:49:56.0871 5552	udfs - ok
22:49:56.0908 5552	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:49:57.0007 5552	UI0Detect - ok
22:49:57.0031 5552	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:49:57.0089 5552	uliagpkx - ok
22:49:57.0138 5552	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:49:57.0255 5552	uliahci - ok
22:49:57.0320 5552	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:49:57.0370 5552	UlSata - ok
22:49:57.0400 5552	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:49:57.0445 5552	ulsata2 - ok
22:49:57.0466 5552	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:49:57.0562 5552	umbus - ok
22:49:57.0675 5552	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:49:57.0764 5552	upnphost - ok
22:49:57.0841 5552	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:49:57.0892 5552	usbccgp - ok
22:49:58.0025 5552	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:49:58.0144 5552	usbcir - ok
22:49:58.0213 5552	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:49:58.0336 5552	usbehci - ok
22:49:58.0374 5552	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:49:58.0673 5552	usbhub - ok
22:49:58.0724 5552	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:49:58.0869 5552	usbohci - ok
22:49:58.0907 5552	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:49:58.0989 5552	usbprint - ok
22:49:59.0057 5552	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:49:59.0105 5552	usbscan - ok
22:49:59.0142 5552	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
22:49:59.0198 5552	usbser - ok
22:49:59.0241 5552	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:49:59.0331 5552	USBSTOR - ok
22:49:59.0361 5552	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:49:59.0421 5552	usbuhci - ok
22:49:59.0480 5552	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:49:59.0617 5552	usbvideo - ok
22:49:59.0743 5552	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:49:59.0806 5552	UxSms - ok
22:50:00.0245 5552	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:50:00.0347 5552	vds - ok
22:50:00.0483 5552	vfs101x         (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys
22:50:00.0505 5552	vfs101x - ok
22:50:00.0631 5552	vfsFPService    (96bb29c8d28cbcf595a7c44a4519c002) C:\Windows\system32\vfsFPService.exe
22:50:00.0693 5552	vfsFPService - ok
22:50:00.0811 5552	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:00.0912 5552	vga - ok
22:50:00.0940 5552	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:50:01.0076 5552	VgaSave - ok
22:50:01.0106 5552	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:50:01.0139 5552	viaagp - ok
22:50:01.0207 5552	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:50:01.0273 5552	ViaC7 - ok
22:50:01.0314 5552	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:50:01.0344 5552	viaide - ok
22:50:01.0413 5552	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:50:01.0445 5552	volmgr - ok
22:50:01.0506 5552	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:50:01.0589 5552	volmgrx - ok
22:50:01.0664 5552	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:50:01.0718 5552	volsnap - ok
22:50:01.0778 5552	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:50:01.0814 5552	vsmraid - ok
22:50:01.0954 5552	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:50:02.0193 5552	VSS - ok
22:50:02.0272 5552	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:50:02.0350 5552	W32Time - ok
22:50:02.0511 5552	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:50:02.0664 5552	WacomPen - ok
22:50:02.0717 5552	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:02.0805 5552	Wanarp - ok
22:50:02.0812 5552	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:02.0876 5552	Wanarpv6 - ok
22:50:03.0034 5552	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:50:03.0126 5552	wcncsvc - ok
22:50:03.0182 5552	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:50:03.0314 5552	WcsPlugInService - ok
22:50:03.0359 5552	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:50:03.0401 5552	Wd - ok
22:50:03.0468 5552	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:50:03.0595 5552	Wdf01000 - ok
22:50:03.0631 5552	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:50:03.0721 5552	WdiServiceHost - ok
22:50:03.0740 5552	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:50:03.0807 5552	WdiSystemHost - ok
22:50:03.0972 5552	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:50:04.0033 5552	WebClient - ok
22:50:04.0127 5552	Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
22:50:04.0195 5552	Wecsvc - ok
22:50:04.0250 5552	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:50:04.0339 5552	wercplsupport - ok
22:50:04.0403 5552	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:50:04.0461 5552	WerSvc - ok
22:50:04.0674 5552	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:50:04.0710 5552	WinDefend - ok
22:50:04.0728 5552	WinHttpAutoProxySvc - ok
22:50:04.0830 5552	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:50:04.0881 5552	Winmgmt - ok
22:50:04.0986 5552	WinRM           (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
22:50:05.0133 5552	WinRM - ok
22:50:05.0235 5552	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:50:05.0346 5552	Wlansvc - ok
22:50:05.0969 5552	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:50:06.0238 5552	wlidsvc - ok
22:50:06.0735 5552	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:50:06.0876 5552	WmiAcpi - ok
22:50:06.0973 5552	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:50:07.0076 5552	wmiApSrv - ok
22:50:07.0437 5552	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:50:07.0601 5552	WMPNetworkSvc - ok
22:50:07.0670 5552	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:50:07.0753 5552	WPCSvc - ok
22:50:07.0848 5552	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:50:07.0946 5552	WPDBusEnum - ok
22:50:08.0061 5552	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:50:08.0092 5552	WpdUsb - ok
22:50:08.0311 5552	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:08.0366 5552	ws2ifsl - ok
22:50:08.0432 5552	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
22:50:08.0509 5552	wscsvc - ok
22:50:08.0541 5552	WSearch - ok
22:50:08.0904 5552	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:50:09.0087 5552	wuauserv - ok
22:50:09.0468 5552	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:09.0589 5552	WUDFRd - ok
22:50:09.0766 5552	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:50:09.0834 5552	wudfsvc - ok
22:50:09.0987 5552	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
22:50:10.0010 5552	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
22:50:10.0077 5552	MBR (0x1B8)     (bb9d3a6a13c5010348da7c900bb6af50) \Device\Harddisk0\DR0
22:50:11.0931 5552	\Device\Harddisk0\DR0 - ok
22:50:11.0980 5552	Boot (0x1200)   (82e711d545f91928641b5d30ab48097a) \Device\Harddisk0\DR0\Partition0
22:50:11.0982 5552	\Device\Harddisk0\DR0\Partition0 - ok
22:50:12.0003 5552	Boot (0x1200)   (396d609dea7b9b3933cc4fc8e4dce1fc) \Device\Harddisk0\DR0\Partition1
22:50:12.0005 5552	\Device\Harddisk0\DR0\Partition1 - ok
22:50:12.0006 5552	============================================================
22:50:12.0006 5552	Scan finished
22:50:12.0006 5552	============================================================
22:50:12.0061 6024	Detected object count: 10
22:50:12.0061 6024	Actual detected object count: 10
22:51:34.0359 6024	AFS ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0359 6024	AFS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0363 6024	CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0363 6024	CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0366 6024	ETService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0366 6024	ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0371 6024	int15 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0371 6024	int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0373 6024	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0374 6024	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0377 6024	NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0377 6024	NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0380 6024	NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0380 6024	NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0384 6024	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0384 6024	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0388 6024	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0388 6024	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:51:34.0392 6024	s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0392 6024	s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 11.06.2012, 09:45

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

nighthunter · 11.06.2012, 13:43

Hi,hab nun ComboFix ausgeführt wie beschrieben.Hier der LogText:

Code:

ATTFilter

ComboFix 12-06-10.01 - Günter 11.06.2012  14:20:59.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.2561 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\users\Günter\AppData\Local\kuywwao.dat
c:\users\Günter\AppData\Local\kuywwao_nav.dat
c:\users\Günter\AppData\Local\kuywwao_navps.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-11 12:26 . 2012-06-11 12:28	--------	d-----w-	c:\users\Günter\AppData\Local\temp
2012-06-11 12:26 . 2012-06-11 12:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-08 15:28 . 2012-06-08 15:28	--------	d-----w-	c:\program files\ESET
2012-06-08 15:10 . 2012-06-08 15:10	--------	d-----w-	c:\users\Günter\AppData\Roaming\Malwarebytes
2012-06-08 15:09 . 2012-06-08 15:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-08 15:09 . 2012-06-08 15:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-08 15:09 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-08 15:08 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C0BBE2B-1A80-4702-BCD7-47F5ECCE1543}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 09:16 . 2012-03-31 04:58	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-13 09:16 . 2011-06-08 09:04	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 08:18 . 2012-02-12 13:07	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 08:18 . 2012-02-12 13:07	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-03 08:16 . 2012-05-11 16:17	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 16:17	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-11 16:17	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-11 16:17	905600	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-11 16:17	53120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-03 16:47 . 2011-05-07 16:50	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AeroSnap"="d:\4.programme\eigen installierte Programme\aerosnap desktop tool\AeroSnap\AeroSnap.exe" [2008-12-06 886784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-04-12 3642368]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"QuickTime Task"="c:\users\Günter\QTTask.exe" [2010-11-29 421888]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-03-05 167936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Günter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sidebar - Verknüpfung.lnk - c:\program files\Windows Sidebar\sidebar.exe [2009-9-11 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-12 00:58	3024384	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Acer\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 18:54]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 18:54]
.
2012-06-11 c:\windows\Tasks\User_Feed_Synchronization-{7BF11216-F512-47D3-8ED4-37E904FB2D1E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
mLocal Page = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bild.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-IcoFX_is1 - d:\programme\IcoFX 1.6\unins000.exe
AddRemove-UberIcon_is1 - d:\downloads\UberIcon\unins000.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\SecuROM\License information*]
"datasecu"=hex:0b,25,04,0b,03,72,0c,bf,7e,32,8b,45,8f,c4,07,63,d5,7c,ca,28,01,
   91,86,d5,1b,0a,db,97,df,84,75,67,19,41,67,1a,f9,c4,c5,a2,10,bd,a4,ec,37,05,\
"rkeysecu"=hex:de,cf,9f,76,91,10,12,bc,18,a8,fe,19,e7,d0,0f,90
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3868)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\vfsFPService.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
d:\4.programme\eigen installierte Programme\Sync\FreeAgentService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  14:36:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 12:35
.
Vor Suchlauf: 17 Verzeichnis(se), 71.792.431.104 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 68.102.803.456 Bytes frei
.
- - End Of File - - EBBDAD49E915C57F2797EB45DA3915E0

Virus Windows Update Ukash..mich hats auch getroffen.Hier die Log Files...

Log-Analyse und Auswertung: Virus Windows Update Ukash..mich hats auch getroffen.Hier die Log Files...