
Log analysis and evaluation: Remove Live Security Platinum again?


12.07.2012, 14:38   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick the box "Scanne alle Benutzer" (Scan All Users)
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

12.07.2012, 20:03   #17
rooney1902
 



Like this, maybe?


Code:
OTL logfile created on: 12.07.2012 20:33:30 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chantal u. Ronnie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,83% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 192,98 Gb Free Space | 69,40% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
 
Computer Name: CHANTALURONN-PC | User Name: Chantal u. Ronnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 20:30:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal u. Ronnie\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 15:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
PRC - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\DSL-Manager\DslMgrSvc.exe
PRC - [2008.04.16 12:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.03.26 18:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008.03.19 15:24:20 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008.03.10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.02.22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.26 14:51:00 | 001,085,440 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\DSL-Manager\DslMgr.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.11.03 15:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
MOD - [2008.01.08 10:39:24 | 001,581,056 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\QtCore4.dll
MOD - [2007.12.04 21:47:40 | 000,131,072 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\Imageformats\qjpeg4.dll
MOD - [2007.12.04 21:36:04 | 006,434,816 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\QtGui4.dll
MOD - [2007.12.04 21:18:36 | 000,356,352 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\QtXml4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Running] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.12.04 20:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.21 23:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.25 06:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.11.29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007.11.29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.11.29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007.11.29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.07.31 18:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006.11.17 12:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.09.05 20:09:26 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se59obex.sys -- (se59obex)
DRV - [2006.09.05 20:07:00 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\..\SearchScopes\{0A780160-524F-404C-8F8C-F18E31F7B863}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.07 18:15:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.07 18:15:40 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GoogleT5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"hxxp://cash-games.gmx.de/single_play.jsp?game=couronne_king&altVer=false&gameMode=2" File not found
O4 - Startup: C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O7 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chantal u. Ronnie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6998B588-4BDB-4D44-9E40-8C46D677B31B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED3874C-5EA8-4050-9D42-9731B9564D21}: DhcpNameServer = 192.168.5.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | R--- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{af7a4862-24fa-11de-bfad-001f1613886a}\Shell\AutoRun\command - "" = G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.12 20:30:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chantal u. Ronnie\Desktop\OTL.exe
[2012.07.11 11:51:31 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Chantal u. Ronnie\Desktop\unhide.exe
[2012.07.07 14:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.03 23:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.03 23:32:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.03 23:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.03 22:59:23 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.03 22:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3BB132185D57BAF5B5570F1C8B
[2012.07.03 22:56:07 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Suowe
[2012.07.03 22:56:07 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Qapyfu
[2012.07.03 22:56:07 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Doizo
[2011.01.15 11:41:14 | 000,079,392 | ---- | C] (Martin Pesch) -- C:\Users\Chantal u. Ronnie\mp3DirectCut.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.12 20:35:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.07.12 20:30:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal u. Ronnie\Desktop\OTL.exe
[2012.07.12 20:28:29 | 000,033,011 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.12 20:28:26 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 20:28:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 19:25:00 | 000,033,011 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.12 19:24:39 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.12 19:24:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 19:24:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 12:09:49 | 000,000,795 | ---- | M] () -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.07.12 11:20:49 | 000,002,631 | ---- | M] () -- C:\Users\Chantal u. Ronnie\Desktop\Microsoft Office Word 2007.lnk
[2012.07.12 08:57:52 | 000,330,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 15:55:05 | 000,618,655 | ---- | M] () -- C:\Users\Chantal u. Ronnie\Desktop\adwcleaner.exe
[2012.07.11 11:51:31 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Chantal u. Ronnie\Desktop\unhide.exe
[2012.07.09 18:48:56 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 18:48:56 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 18:48:56 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 18:48:56 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.03 23:32:51 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 23:07:59 | 000,002,633 | ---- | M] () -- C:\Users\Chantal u. Ronnie\Desktop\Microsoft Office Excel 2007.lnk
[2012.06.28 15:03:27 | 000,033,792 | ---- | M] () -- C:\Users\Chantal u. Ronnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.22 15:29:22 | 000,002,782 | ---- | M] () -- C:\Users\Chantal u. Ronnie\AppData\Roaming\wklnhst.dat
 
========== Files Created - No Company Name ==========
 
[2012.07.11 15:55:05 | 000,618,655 | ---- | C] () -- C:\Users\Chantal u. Ronnie\Desktop\adwcleaner.exe
[2012.07.03 23:32:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.26 17:00:03 | 000,000,736 | ---- | C] () -- C:\Users\Chantal u. Ronnie\VLC media player.lnk
[2012.03.07 18:02:24 | 000,241,440 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.01.15 12:15:42 | 000,001,280 | ---- | C] () -- C:\Users\Chantal u. Ronnie\mp3DirectCut.ini
[2011.01.15 11:41:14 | 000,026,314 | ---- | C] () -- C:\Users\Chantal u. Ronnie\Manual.htm
[2011.01.15 11:41:14 | 000,014,512 | ---- | C] () -- C:\Users\Chantal u. Ronnie\FAQ.htm
[2010.11.18 22:38:15 | 000,697,897 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.18 22:38:15 | 000,026,039 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.27 15:05:38 | 000,000,680 | ---- | C] () -- C:\Users\Chantal u. Ronnie\AppData\Local\d3d9caps.dat
[2010.06.18 09:54:56 | 000,000,008 | ---- | C] () -- C:\Users\Chantal u. Ronnie\AppData\Roaming\NMM-MetaData.db
[2009.10.07 22:32:47 | 000,010,752 | ---- | C] () -- C:\Users\Chantal u. Ronnie\Lieder.wps
[2009.04.15 17:14:19 | 000,033,792 | ---- | C] () -- C:\Users\Chantal u. Ronnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 13:31:25 | 000,002,782 | ---- | C] () -- C:\Users\Chantal u. Ronnie\AppData\Roaming\wklnhst.dat
[2008.12.15 06:47:10 | 000,033,011 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.15 06:37:57 | 000,033,011 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.03 22:59:26 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Doizo
[2011.07.09 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.18 09:56:31 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Nokia
[2010.06.18 09:55:52 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Nokia Multimedia Player
[2009.06.06 13:26:58 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\OpenOffice.org
[2010.06.18 09:56:21 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\PC Suite
[2012.07.03 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Qapyfu
[2012.07.04 00:36:08 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Suowe
[2009.07.01 07:28:05 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\T-Online
[2009.04.09 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Template
[2012.07.12 12:09:53 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.12 20:35:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.06.05 18:43:26 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Adobe
[2009.07.13 11:39:01 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Apple Computer
[2010.03.27 16:24:00 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Corel
[2012.07.03 22:59:26 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Doizo
[2011.07.09 15:36:13 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.11 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Google
[2012.03.07 18:28:56 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\HP
[2012.06.24 23:37:35 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\HpUpdate
[2009.04.08 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Identities
[2009.04.08 20:44:28 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Macromedia
[2012.05.10 15:00:07 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Media Center Programs
[2012.07.06 11:43:30 | 000,000,000 | --SD | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft
[2009.07.13 11:30:37 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Mozilla
[2009.04.09 13:39:42 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Nero
[2010.06.18 09:56:31 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Nokia
[2010.06.18 09:55:52 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Nokia Multimedia Player
[2009.06.06 13:26:58 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\OpenOffice.org
[2010.06.18 09:56:21 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\PC Suite
[2012.07.03 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Qapyfu
[2012.07.04 00:36:08 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Suowe
[2009.07.01 07:28:05 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\T-Online
[2009.04.09 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Template
[2012.06.13 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\vlc
[2012.03.07 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 15:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
This also came along with it:
Code:
OTL Extras logfile created on: 12.07.2012 20:33:30 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chantal u. Ronnie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,83% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 83,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 192,98 Gb Free Space | 69,40% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
 
Computer Name: CHANTALURONN-PC | User Name: Chantal u. Ronnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B346597-5DB9-4BDD-A0C9-A09301000EC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{55A87133-BF08-4D1E-8DBF-D2B7131ED0F6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{E940EBF6-2775-4F08-BB01-9858D0713A0A}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0451747B-D875-4BB0-9703-6A74D700C3F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{1F887B8F-33AA-411D-8DFE-64FAE0FE22AC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{20D91CF4-463A-40DC-9A55-5703B885349D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{2924A481-BA86-4E71-89B9-66EF8C154846}" = protocol=17 | dir=in | app=e:\alicesetup.exe | 
"{2ADFBC11-741F-454D-90FF-061CE2B528BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{2DE2A6EF-DE30-41CE-AB9F-0BD2E81132AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{3C8D8457-E027-4F23-B7DC-65938518666D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{3CA2DE0B-780F-46EA-B2EC-3D4FAEBD5645}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{453B9920-CC4C-461B-97B4-DA7C3EABDC4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{4BE72479-3E81-4797-80B3-F6D4C877C4A0}" = protocol=6 | dir=in | app=e:\alicesetup.exe | 
"{5ED8C9B7-EB7B-44AF-B183-972A3E9B90B3}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{6F01E31D-45E2-4C66-92E4-416A41B9B1BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{7256E0FA-4B4B-4D4A-BBE1-A29156F77EDB}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{75391D6E-4CFB-4D93-941C-360B347FC1C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{86F2A4D8-9E30-4B7E-A05D-9BA76D558B30}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{BDE5238A-0BDA-43F3-B6EE-A2C6C6417AF2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C371F3A9-04C8-46B3-90D0-76EAD739B138}" = dir=in | app=e:\setup\hpznui01.exe | 
"{D2B9CD50-C225-413A-80E4-666A51EA6307}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D429E36F-0ACC-4A0E-AAA4-200B8EDA6386}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{D679B475-8501-4C46-BCB6-87C27A147795}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{D785E749-16B3-4A39-BD54-B8AB96CEC71E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{DE3E20E0-50B4-4D30-87BA-4F0CB6D29471}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E019A993-C28A-4EDF-AA21-741BE9A5EB50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E1EE22CE-7C40-4D16-ADED-6CDB2FC85152}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{E2DC784A-2D3F-43AB-8BC0-298A3AFDD53A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F3BCD507-54C6-41AA-B884-FB37B2AFB6AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{FA076751-8A87-4FA4-92E3-2B991485B812}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{FB7AA4AB-7A44-48FF-9AE0-11D3912D23F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"TCP Query User{07B3A1A7-0929-4F90-8F72-A2B6F5009120}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{56216F0B-C46B-48F2-AB7E-8FE7136F6D1A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D1742215-C6D2-430D-8E23-39F2B06326F2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FF38E95C-2289-4029-9A88-3ACB096D3DF9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0CE5F2BF-2C81-4F4A-8BB4-8F0F2D77BA41}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{68CDB416-6D68-425D-81CD-166C9B8E6C4E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{82EDD514-6A9A-4AEF-941D-B034A1E14D58}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A33C86D5-8D3C-4BE7-95E2-F3F8249C7503}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Das große Abenteuer
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B145EC69-66F5-11D8-9D75-000129760D75}" = CyberLink MakeDisc
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Meteor_is1" = Meteor version 2.1.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"X10Hardware" = X10 Hardware(TM)
"XP-Games JRE" = XP-Games JRE
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.02.2011 07:00:58 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.02.2011 07:00:58 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.02.2011 07:01:56 | Computer Name = ChantaluRonn-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2011 12:08:11 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.02.2011 12:08:11 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.02.2011 12:08:42 | Computer Name = ChantaluRonn-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2011 06:30:40 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.02.2011 06:30:40 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.02.2011 06:31:20 | Computer Name = ChantaluRonn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.02.2011 06:31:38 | Computer Name = ChantaluRonn-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.07.2012 03:09:29 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 03:09:29 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.07.2012 03:28:02 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 03:28:02 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.07.2012 05:19:56 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 05:19:56 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.07.2012 05:49:47 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 05:49:47 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.07.2012 13:25:51 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2012 13:25:51 | Computer Name = ChantaluRonn-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
__________________


12.07.2012, 21:13   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O7 - HKU\S-1-5-21-3529669538-726455522-2587087912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | R--- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
[2012.07.03 22:59:23 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.03 22:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3BB132185D57BAF5B5570F1C8B
[2012.07.03 22:56:07 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Suowe
[2012.07.03 22:56:07 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Qapyfu
[2012.07.03 22:56:07 | 000,000,000 | ---D | C] -- C:\Users\Chantal u. Ronnie\AppData\Roaming\Doizo
:Files
C:\Program Files\Common Files\Spigot
C:\Program Files\pdfforge Toolbar
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________

14.07.2012, 09:27   #19
rooney1902

Here it is:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_USERS\S-1-5-21-3529669538-726455522-2587087912-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Picasa Media Detector deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Picasa Media Detector not found.
Registry value HKEY_USERS\S-1-5-21-3529669538-726455522-2587087912-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
C:\Users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully.
Folder C:\ProgramData\F4D55F3BB132185D57BAF5B5570F1C8B\ not found.
C:\Users\Chantal u. Ronnie\AppData\Roaming\Suowe folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\Roaming\Qapyfu folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\Roaming\Doizo folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Common Files\Spigot not found.
File\Folder C:\Program Files\pdfforge Toolbar not found.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-47dac694-n folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Chantal u. Ronnie\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chantal u. Ronnie
->Temp folder emptied: 1427962 bytes
->Temporary Internet Files folder emptied: 252364271 bytes
->Flash cache emptied: 1244 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 325685 bytes
RecycleBin emptied: 2788 bytes

Total Files Cleaned = 242,00 mb


[EMPTYFLASH]

User: All Users

User: Chantal u. Ronnie
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_102327

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

14.07.2012, 14:57   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!


__________________
Please always post log files in CODE tags

15.07.2012, 22:58   #21
rooney1902

Here is the log:

23:53:26.0844 4340 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:53:27.0125 4340 ============================================================
23:53:27.0125 4340 Current date / time: 2012/07/15 23:53:27.0125
23:53:27.0125 4340 SystemInfo:
23:53:27.0125 4340
23:53:27.0125 4340 OS Version: 6.0.6002 ServicePack: 2.0
23:53:27.0125 4340 Product type: Workstation
23:53:27.0125 4340 ComputerName: CHANTALURONN-PC
23:53:27.0125 4340 UserName: Chantal u. Ronnie
23:53:27.0125 4340 Windows directory: C:\Windows
23:53:27.0125 4340 System windows directory: C:\Windows
23:53:27.0125 4340 Processor architecture: Intel x86
23:53:27.0125 4340 Number of processors: 2
23:53:27.0125 4340 Page size: 0x1000
23:53:27.0125 4340 Boot type: Normal boot
23:53:27.0125 4340 ============================================================
23:53:28.0435 4340 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:53:28.0451 4340 ============================================================
23:53:28.0451 4340 \Device\Harddisk0\DR0:
23:53:28.0451 4340 MBR partitions:
23:53:28.0451 4340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22C25800
23:53:28.0451 4340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22C28D8D, BlocksNum 0x2804934
23:53:28.0451 4340 ============================================================
23:53:28.0482 4340 C: <-> \Device\Harddisk0\DR0\Partition0
23:53:28.0513 4340 D: <-> \Device\Harddisk0\DR0\Partition1
23:53:28.0513 4340 ============================================================
23:53:28.0513 4340 Initialize success
23:53:28.0513 4340 ============================================================
23:54:01.0835 5856 ============================================================
23:54:01.0835 5856 Scan started
23:54:01.0835 5856 Mode: Manual; SigCheck; TDLFS;
23:54:01.0835 5856 ============================================================
23:54:03.0317 5856 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:54:03.0473 5856 ACPI - ok
23:54:03.0551 5856 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:54:03.0597 5856 adp94xx - ok
23:54:03.0644 5856 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:54:03.0675 5856 adpahci - ok
23:54:03.0707 5856 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:54:03.0738 5856 adpu160m - ok
23:54:03.0769 5856 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:54:03.0800 5856 adpu320 - ok
23:54:03.0831 5856 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:54:03.0925 5856 AeLookupSvc - ok
23:54:03.0972 5856 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:54:04.0034 5856 AFD - ok
23:54:04.0065 5856 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:54:04.0097 5856 agp440 - ok
23:54:04.0128 5856 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:54:04.0143 5856 aic78xx - ok
23:54:04.0190 5856 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:54:04.0331 5856 ALG - ok
23:54:04.0346 5856 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:54:04.0362 5856 aliide - ok
23:54:04.0393 5856 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:54:04.0409 5856 amdagp - ok
23:54:04.0440 5856 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:54:04.0455 5856 amdide - ok
23:54:04.0471 5856 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:54:04.0549 5856 AmdK7 - ok
23:54:04.0565 5856 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:54:04.0611 5856 AmdK8 - ok
23:54:04.0658 5856 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:54:04.0705 5856 Appinfo - ok
23:54:04.0736 5856 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:54:04.0752 5856 arc - ok
23:54:04.0783 5856 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:54:04.0799 5856 arcsas - ok
23:54:04.0845 5856 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:54:04.0877 5856 AsyncMac - ok
23:54:04.0908 5856 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:54:04.0923 5856 atapi - ok
23:54:05.0001 5856 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:54:05.0033 5856 AudioEndpointBuilder - ok
23:54:05.0033 5856 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:54:05.0064 5856 Audiosrv - ok
23:54:05.0079 5856 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:54:05.0111 5856 Beep - ok
23:54:05.0189 5856 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:54:05.0235 5856 BFE - ok
23:54:05.0360 5856 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
23:54:05.0407 5856 BITS - ok
23:54:05.0438 5856 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:54:05.0469 5856 blbdrive - ok
23:54:05.0516 5856 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:54:05.0563 5856 bowser - ok
23:54:05.0594 5856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:54:05.0625 5856 BrFiltLo - ok
23:54:05.0641 5856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:54:05.0688 5856 BrFiltUp - ok
23:54:05.0719 5856 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:54:05.0766 5856 Browser - ok
23:54:05.0813 5856 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:54:05.0984 5856 Brserid - ok
23:54:06.0015 5856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:54:06.0062 5856 BrSerWdm - ok
23:54:06.0078 5856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:54:06.0140 5856 BrUsbMdm - ok
23:54:06.0140 5856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:54:06.0203 5856 BrUsbSer - ok
23:54:06.0234 5856 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:54:06.0296 5856 BTHMODEM - ok
23:54:06.0499 5856 Cam5607 (bc46e036ad1fec3c56583d2802e68efe) C:\Windows\system32\Drivers\BisonC07.sys
23:54:06.0608 5856 Cam5607 - ok
23:54:06.0780 5856 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:54:06.0827 5856 cdfs - ok
23:54:06.0873 5856 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:54:06.0920 5856 cdrom - ok
23:54:06.0951 5856 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:54:06.0998 5856 CertPropSvc - ok
23:54:07.0014 5856 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:54:07.0061 5856 circlass - ok
23:54:07.0092 5856 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:54:07.0123 5856 CLFS - ok
23:54:07.0185 5856 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:54:07.0201 5856 clr_optimization_v2.0.50727_32 - ok
23:54:07.0279 5856 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:54:07.0326 5856 clr_optimization_v4.0.30319_32 - ok
23:54:07.0357 5856 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:54:07.0419 5856 CmBatt - ok
23:54:07.0451 5856 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:54:07.0466 5856 cmdide - ok
23:54:07.0497 5856 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:54:07.0513 5856 Compbatt - ok
23:54:07.0513 5856 COMSysApp - ok
23:54:07.0529 5856 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:54:07.0544 5856 crcdisk - ok
23:54:07.0575 5856 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:54:07.0622 5856 Crusoe - ok
23:54:07.0685 5856 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
23:54:07.0716 5856 CryptSvc - ok
23:54:07.0809 5856 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:54:07.0856 5856 DcomLaunch - ok
23:54:07.0903 5856 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:54:07.0950 5856 DfsC - ok
23:54:08.0199 5856 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:54:08.0324 5856 DFSR - ok
23:54:08.0527 5856 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:54:08.0574 5856 Dhcp - ok
23:54:08.0621 5856 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:54:08.0636 5856 disk - ok
23:54:08.0683 5856 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:54:08.0745 5856 Dnscache - ok
23:54:08.0792 5856 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:54:08.0839 5856 dot3svc - ok
23:54:08.0917 5856 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:54:08.0979 5856 Dot4 - ok
23:54:09.0011 5856 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:54:09.0057 5856 Dot4Print - ok
23:54:09.0073 5856 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:54:09.0120 5856 dot4usb - ok
23:54:09.0182 5856 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:54:09.0213 5856 DPS - ok
23:54:09.0260 5856 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:54:09.0291 5856 drmkaud - ok
23:54:09.0354 5856 DslMNLwf (e577b5c4a6be078e5445cdcfb65be7ab) C:\Windows\system32\DRIVERS\dslmnlwf.sys
23:54:09.0354 5856 DslMNLwf - ok
23:54:09.0401 5856 dsltestSp5 (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys
23:54:09.0416 5856 dsltestSp5 - ok
23:54:09.0510 5856 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:54:09.0541 5856 DXGKrnl - ok
23:54:09.0603 5856 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:54:09.0650 5856 E1G60 - ok
23:54:09.0681 5856 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:54:09.0713 5856 EapHost - ok
23:54:09.0759 5856 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:54:09.0791 5856 Ecache - ok
23:54:09.0869 5856 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:54:09.0900 5856 ehRecvr - ok
23:54:09.0915 5856 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:54:09.0947 5856 ehSched - ok
23:54:09.0978 5856 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:54:09.0993 5856 ehstart - ok
23:54:10.0071 5856 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:54:10.0103 5856 elxstor - ok
23:54:10.0196 5856 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:54:10.0290 5856 EMDMgmt - ok
23:54:10.0321 5856 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:54:10.0368 5856 ErrDev - ok
23:54:10.0430 5856 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:54:10.0461 5856 EventSystem - ok
23:54:10.0524 5856 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:54:10.0571 5856 exfat - ok
23:54:10.0617 5856 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:54:10.0649 5856 fastfat - ok
23:54:10.0695 5856 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:54:10.0727 5856 fdc - ok
23:54:10.0789 5856 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:54:10.0836 5856 fdPHost - ok
23:54:10.0836 5856 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:54:10.0898 5856 FDResPub - ok
23:54:10.0945 5856 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:54:10.0961 5856 FileInfo - ok
23:54:10.0961 5856 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:54:11.0007 5856 Filetrace - ok
23:54:11.0023 5856 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:54:11.0070 5856 flpydisk - ok
23:54:11.0117 5856 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:54:11.0148 5856 FltMgr - ok
23:54:11.0273 5856 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:54:11.0335 5856 FontCache - ok
23:54:11.0397 5856 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:54:11.0413 5856 FontCache3.0.0.0 - ok
23:54:11.0444 5856 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
23:54:11.0475 5856 Fs_Rec - ok
23:54:11.0507 5856 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:54:11.0538 5856 gagp30kx - ok
23:54:11.0600 5856 GoogleDesktopManager-092308-165331 (9e37e0c528e1e3a79e215b6a4eea2143) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:54:11.0600 5856 GoogleDesktopManager-092308-165331 - ok
23:54:11.0709 5856 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:54:11.0803 5856 gpsvc - ok
23:54:11.0865 5856 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:54:11.0881 5856 gupdate - ok
23:54:11.0881 5856 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:54:11.0897 5856 gupdatem - ok
23:54:11.0975 5856 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:54:12.0068 5856 HdAudAddService - ok
23:54:12.0146 5856 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:54:12.0224 5856 HDAudBus - ok
23:54:12.0255 5856 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:54:12.0333 5856 HidBth - ok
23:54:12.0427 5856 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:54:12.0505 5856 HidIr - ok
23:54:12.0614 5856 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
23:54:12.0661 5856 hidserv - ok
23:54:12.0692 5856 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:54:12.0739 5856 HidUsb - ok
23:54:12.0786 5856 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:54:12.0833 5856 hkmsvc - ok
23:54:12.0895 5856 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:54:12.0911 5856 HpCISSs - ok
23:54:13.0067 5856 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:54:13.0082 5856 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
23:54:13.0082 5856 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
23:54:13.0113 5856 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:54:13.0129 5856 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
23:54:13.0129 5856 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
23:54:13.0223 5856 HPSLPSVC (568e44f6dcfa173f3670172b69379891) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:54:13.0238 5856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
23:54:13.0238 5856 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
23:54:13.0332 5856 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:54:13.0457 5856 HTTP - ok
23:54:13.0488 5856 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:54:13.0503 5856 i2omp - ok
23:54:13.0550 5856 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:54:13.0581 5856 i8042prt - ok
23:54:13.0628 5856 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:54:13.0659 5856 iaStorV - ok
23:54:13.0784 5856 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:54:13.0800 5856 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:54:13.0800 5856 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:54:14.0252 5856 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:54:14.0361 5856 idsvc - ok
23:54:14.0408 5856 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:54:14.0424 5856 iirsp - ok
23:54:14.0502 5856 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:54:14.0580 5856 IKEEXT - ok
23:54:15.0157 5856 IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
23:54:15.0329 5856 IntcAzAudAddService - ok
23:54:15.0672 5856 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:54:15.0687 5856 intelide - ok
23:54:15.0734 5856 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:54:15.0781 5856 intelppm - ok
23:54:15.0843 5856 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:54:15.0906 5856 IPBusEnum - ok
23:54:15.0937 5856 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:54:15.0999 5856 IpFilterDriver - ok
23:54:16.0062 5856 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:54:16.0109 5856 iphlpsvc - ok
23:54:16.0109 5856 IpInIp - ok
23:54:16.0187 5856 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:54:16.0233 5856 IPMIDRV - ok
23:54:16.0265 5856 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:54:16.0327 5856 IPNAT - ok
23:54:16.0358 5856 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:54:16.0389 5856 IRENUM - ok
23:54:16.0421 5856 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:54:16.0436 5856 isapnp - ok
23:54:16.0514 5856 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:54:16.0530 5856 iScsiPrt - ok
23:54:16.0623 5856 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:54:16.0639 5856 iteatapi - ok
23:54:16.0670 5856 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:54:16.0686 5856 iteraid - ok
23:54:16.0701 5856 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:54:16.0717 5856 kbdclass - ok
23:54:16.0748 5856 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:54:16.0795 5856 kbdhid - ok
23:54:16.0811 5856 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:54:16.0842 5856 KeyIso - ok
23:54:16.0920 5856 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
23:54:16.0967 5856 KSecDD - ok
23:54:17.0154 5856 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:54:17.0279 5856 KtmRm - ok
23:54:17.0372 5856 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
23:54:17.0388 5856 LanmanServer - ok
23:54:17.0450 5856 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:54:17.0497 5856 LanmanWorkstation - ok
23:54:17.0528 5856 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:54:17.0575 5856 lltdio - ok
23:54:17.0622 5856 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:54:17.0669 5856 lltdsvc - ok
23:54:17.0684 5856 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:54:17.0731 5856 lmhosts - ok
23:54:18.0137 5856 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:54:18.0168 5856 LSI_FC - ok
23:54:18.0199 5856 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:54:18.0215 5856 LSI_SAS - ok
23:54:18.0261 5856 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:54:18.0277 5856 LSI_SCSI - ok
23:54:18.0308 5856 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:54:18.0386 5856 luafv - ok
23:54:18.0433 5856 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
23:54:18.0449 5856 MBAMProtector - ok
23:54:18.0605 5856 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:54:18.0636 5856 MBAMService - ok
23:54:18.0667 5856 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:54:18.0683 5856 Mcx2Svc - ok
23:54:18.0729 5856 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:54:18.0745 5856 megasas - ok
23:54:18.0792 5856 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:54:18.0839 5856 MegaSR - ok
23:54:18.0901 5856 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:54:18.0963 5856 MMCSS - ok
23:54:18.0995 5856 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:54:19.0041 5856 Modem - ok
23:54:19.0073 5856 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:54:19.0104 5856 monitor - ok
23:54:19.0119 5856 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:54:19.0135 5856 mouclass - ok
23:54:19.0151 5856 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:54:19.0197 5856 mouhid - ok
23:54:19.0213 5856 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:54:19.0229 5856 MountMgr - ok
23:54:19.0291 5856 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
23:54:19.0322 5856 MpFilter - ok
23:54:19.0385 5856 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:54:19.0431 5856 mpio - ok
23:54:19.0463 5856 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:54:19.0494 5856 mpsdrv - ok
23:54:19.0556 5856 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:54:19.0634 5856 MpsSvc - ok
23:54:19.0665 5856 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:54:19.0681 5856 Mraid35x - ok
23:54:19.0712 5856 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:54:19.0759 5856 MRxDAV - ok
23:54:19.0790 5856 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:54:19.0899 5856 mrxsmb - ok
23:54:19.0946 5856 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:54:20.0009 5856 mrxsmb10 - ok
23:54:20.0024 5856 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:54:20.0055 5856 mrxsmb20 - ok
23:54:20.0102 5856 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
23:54:20.0118 5856 msahci - ok
23:54:20.0149 5856 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:54:20.0180 5856 msdsm - ok
23:54:20.0227 5856 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:54:20.0274 5856 MSDTC - ok
23:54:20.0289 5856 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:54:20.0352 5856 Msfs - ok
23:54:20.0367 5856 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:54:20.0383 5856 msisadrv - ok
23:54:20.0430 5856 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:54:20.0492 5856 MSiSCSI - ok
23:54:20.0492 5856 msiserver - ok
23:54:20.0539 5856 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:54:20.0586 5856 MSKSSRV - ok
23:54:20.0695 5856 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:54:20.0711 5856 MsMpSvc - ok
23:54:20.0742 5856 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:54:20.0789 5856 MSPCLOCK - ok
23:54:20.0804 5856 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:54:20.0835 5856 MSPQM - ok
23:54:20.0898 5856 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:54:20.0929 5856 MsRPC - ok
23:54:20.0945 5856 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:54:20.0960 5856 mssmbios - ok
23:54:21.0007 5856 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:54:21.0069 5856 MSTEE - ok
23:54:21.0101 5856 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:54:21.0116 5856 Mup - ok
23:54:21.0179 5856 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:54:21.0225 5856 napagent - ok
23:54:21.0272 5856 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:54:21.0303 5856 NativeWifiP - ok
23:54:21.0397 5856 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:54:21.0444 5856 NDIS - ok
23:54:21.0459 5856 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:54:21.0506 5856 NdisTapi - ok
23:54:21.0522 5856 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:54:21.0553 5856 Ndisuio - ok
23:54:21.0600 5856 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:54:21.0647 5856 NdisWan - ok
23:54:21.0678 5856 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:54:21.0709 5856 NDProxy - ok
23:54:21.0912 5856 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
23:54:21.0974 5856 Nero BackItUp Scheduler 3 - ok
23:54:22.0021 5856 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
23:54:22.0021 5856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:54:22.0021 5856 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:54:22.0052 5856 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:54:22.0115 5856 NetBIOS - ok
23:54:22.0161 5856 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:54:22.0193 5856 netbt - ok
23:54:22.0208 5856 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:54:22.0239 5856 Netlogon - ok
23:54:22.0286 5856 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:54:22.0364 5856 Netman - ok
23:54:22.0427 5856 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:54:22.0505 5856 netprofm - ok
23:54:22.0583 5856 netr28 (3f540b257442cc1a2220dd8f73ac1c77) C:\Windows\system32\DRIVERS\netr28.sys
23:54:22.0676 5856 netr28 - ok
23:54:22.0832 5856 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:54:22.0848 5856 NetTcpPortSharing - ok
23:54:22.0879 5856 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:54:22.0895 5856 nfrd960 - ok
23:54:22.0957 5856 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:54:22.0973 5856 NisDrv - ok
23:54:23.0066 5856 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:54:23.0113 5856 NisSrv - ok
23:54:23.0144 5856 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:54:23.0191 5856 NlaSvc - ok
23:54:23.0331 5856 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
23:54:23.0456 5856 NMIndexingService - ok
23:54:23.0519 5856 nmwcd (65ac8baa2f916ee9203ee48d7fcee605) C:\Windows\system32\drivers\ccdcmb.sys
23:54:23.0550 5856 nmwcd - ok
23:54:23.0581 5856 nmwcdc (29af182734a247240d89a0fe63dbef03) C:\Windows\system32\drivers\ccdcmbo.sys
23:54:23.0628 5856 nmwcdc - ok
23:54:23.0659 5856 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:54:23.0675 5856 Npfs - ok
23:54:23.0706 5856 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:54:23.0753 5856 nsi - ok
23:54:23.0768 5856 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:54:23.0799 5856 nsiproxy - ok
23:54:23.0971 5856 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:54:24.0065 5856 Ntfs - ok
23:54:24.0080 5856 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:54:24.0174 5856 ntrigdigi - ok
23:54:24.0189 5856 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:54:24.0221 5856 Null - ok
23:54:24.0267 5856 NVHDA (723931a765e8cddf7ffcb42f5a72ce79) C:\Windows\system32\drivers\nvhda32v.sys
23:54:24.0283 5856 NVHDA - ok
23:54:25.0422 5856 nvlddmkm (99a7cd6662db4e32f75a641c5d080db3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:54:25.0827 5856 nvlddmkm - ok
23:54:25.0983 5856 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:54:26.0015 5856 nvraid - ok
23:54:26.0030 5856 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:54:26.0061 5856 nvstor - ok
23:54:26.0093 5856 nvsvc (3dfd9b00aaf472042e6d4fa8ccb74efd) C:\Windows\system32\nvvsvc.exe
23:54:26.0124 5856 nvsvc - ok
23:54:26.0155 5856 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:54:26.0186 5856 nv_agp - ok
23:54:26.0202 5856 NwlnkFlt - ok
23:54:26.0202 5856 NwlnkFwd - ok
23:54:26.0342 5856 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:54:26.0389 5856 odserv - ok
23:54:26.0420 5856 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:54:26.0514 5856 ohci1394 - ok
23:54:26.0561 5856 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:54:26.0576 5856 ose - ok
23:54:26.0654 5856 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:54:26.0717 5856 p2pimsvc - ok
23:54:26.0732 5856 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:54:26.0763 5856 p2psvc - ok
23:54:26.0779 5856 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:54:26.0841 5856 Parport - ok
23:54:26.0873 5856 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
23:54:26.0888 5856 partmgr - ok
23:54:26.0904 5856 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:54:26.0966 5856 Parvdm - ok
23:54:26.0997 5856 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:54:27.0013 5856 PcaSvc - ok
23:54:27.0075 5856 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
23:54:27.0075 5856 pccsmcfd - ok
23:54:27.0122 5856 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:54:27.0138 5856 pci - ok
23:54:27.0169 5856 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:54:27.0169 5856 pciide - ok
23:54:27.0216 5856 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:54:27.0231 5856 pcmcia - ok
23:54:27.0356 5856 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:54:27.0450 5856 PEAUTH - ok
23:54:27.0590 5856 PhilCap (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
23:54:27.0653 5856 PhilCap - ok
23:54:27.0840 5856 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:54:27.0933 5856 pla - ok
23:54:28.0089 5856 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
23:54:28.0105 5856 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
23:54:28.0105 5856 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
23:54:28.0152 5856 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:54:28.0183 5856 PlugPlay - ok
23:54:28.0214 5856 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
23:54:28.0230 5856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:54:28.0230 5856 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:54:28.0323 5856 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:54:28.0339 5856 PNRPAutoReg - ok
23:54:28.0355 5856 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:54:28.0386 5856 PNRPsvc - ok
23:54:28.0448 5856 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:54:28.0542 5856 PolicyAgent - ok
23:54:28.0635 5856 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:54:28.0682 5856 PptpMiniport - ok
23:54:28.0713 5856 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:54:28.0760 5856 Processor - ok
23:54:28.0791 5856 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:54:28.0823 5856 ProfSvc - ok
23:54:28.0838 5856 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:54:28.0869 5856 ProtectedStorage - ok
23:54:28.0901 5856 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
23:54:28.0932 5856 ProtexisLicensing - ok
23:54:28.0979 5856 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:54:29.0025 5856 PSched - ok
23:54:29.0166 5856 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:54:29.0259 5856 ql2300 - ok
23:54:29.0275 5856 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:54:29.0306 5856 ql40xx - ok
23:54:29.0384 5856 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:54:29.0431 5856 QWAVE - ok
23:54:29.0462 5856 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:54:29.0478 5856 QWAVEdrv - ok
23:54:29.0493 5856 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:54:29.0540 5856 RasAcd - ok
23:54:29.0571 5856 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:54:29.0634 5856 RasAuto - ok
23:54:29.0665 5856 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:54:29.0712 5856 Rasl2tp - ok
23:54:29.0759 5856 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:54:29.0805 5856 RasMan - ok
23:54:29.0837 5856 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:54:29.0883 5856 RasPppoe - ok
23:54:29.0915 5856 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:54:29.0930 5856 RasSstp - ok
23:54:29.0961 5856 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:54:30.0024 5856 rdbss - ok
23:54:30.0071 5856 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:54:30.0117 5856 RDPCDD - ok
23:54:30.0164 5856 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:54:30.0227 5856 rdpdr - ok
23:54:30.0227 5856 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:54:30.0273 5856 RDPENCDD - ok
23:54:30.0320 5856 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
23:54:30.0351 5856 RDPWD - ok
23:54:30.0414 5856 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:54:30.0461 5856 RemoteAccess - ok
23:54:30.0507 5856 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:54:30.0554 5856 RemoteRegistry - ok
23:54:30.0648 5856 resetWinService (0797f6ae018d3f992a1b8df37bbf1786) C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
23:54:30.0663 5856 resetWinService ( UnsignedFile.Multi.Generic ) - warning
23:54:30.0663 5856 resetWinService - detected UnsignedFile.Multi.Generic (1)
23:54:30.0726 5856 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:54:30.0757 5856 RichVideo ( UnsignedFile.Multi.Generic ) - warning
23:54:30.0757 5856 RichVideo - detected UnsignedFile.Multi.Generic (1)
23:54:30.0788 5856 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:54:30.0804 5856 RpcLocator - ok
23:54:30.0897 5856 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:54:30.0944 5856 RpcSs - ok
23:54:30.0975 5856 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:54:31.0022 5856 rspndr - ok
23:54:31.0069 5856 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:54:31.0100 5856 RTL8169 - ok
23:54:31.0131 5856 RTSTOR (4501c8fe11df3192fb68d0d595ea94cc) C:\Windows\system32\drivers\RTSTOR.SYS
23:54:31.0163 5856 RTSTOR - ok
23:54:31.0178 5856 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:54:31.0194 5856 SamSs - ok
23:54:31.0209 5856 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:54:31.0225 5856 sbp2port - ok
23:54:31.0256 5856 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:54:31.0303 5856 SCardSvr - ok
23:54:31.0381 5856 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:54:31.0412 5856 Schedule - ok
23:54:31.0459 5856 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:54:31.0475 5856 SCPolicySvc - ok
23:54:31.0521 5856 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:54:31.0553 5856 SDRSVC - ok
23:54:31.0615 5856 se59bus (7c38fc284136981ebe002252fa0900d3) C:\Windows\system32\DRIVERS\se59bus.sys
23:54:31.0646 5856 se59bus - ok
23:54:31.0677 5856 se59obex (729dfa6451b7356834bfa6faec9e3092) C:\Windows\system32\DRIVERS\se59obex.sys
23:54:31.0709 5856 se59obex - ok
23:54:31.0740 5856 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:54:31.0802 5856 secdrv - ok
23:54:31.0833 5856 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:54:31.0865 5856 seclogon - ok
23:54:31.0880 5856 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
23:54:31.0943 5856 SENS - ok
23:54:31.0958 5856 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:54:32.0036 5856 Serenum - ok
23:54:32.0067 5856 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:54:32.0145 5856 Serial - ok
23:54:32.0161 5856 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:54:32.0208 5856 sermouse - ok
23:54:32.0317 5856 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:54:32.0333 5856 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:54:32.0333 5856 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
23:54:32.0379 5856 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:54:32.0426 5856 SessionEnv - ok
23:54:32.0442 5856 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:54:32.0457 5856 sffdisk - ok
23:54:32.0489 5856 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:54:32.0535 5856 sffp_mmc - ok
23:54:32.0551 5856 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:54:32.0582 5856 sffp_sd - ok
23:54:32.0598 5856 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:54:32.0645 5856 sfloppy - ok
23:54:32.0707 5856 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:54:32.0754 5856 SharedAccess - ok
23:54:32.0801 5856 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:54:32.0832 5856 ShellHWDetection - ok
23:54:32.0847 5856 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:54:32.0879 5856 sisagp - ok
23:54:32.0894 5856 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:54:32.0910 5856 SiSRaid2 - ok
23:54:32.0941 5856 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:54:32.0957 5856 SiSRaid4 - ok
23:54:33.0331 5856 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:54:33.0487 5856 slsvc - ok
23:54:33.0643 5856 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:54:33.0674 5856 SLUINotify - ok
23:54:33.0721 5856 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:54:33.0768 5856 Smb - ok
23:54:33.0799 5856 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:54:33.0830 5856 SNMPTRAP - ok
23:54:33.0846 5856 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:54:33.0877 5856 spldr - ok
23:54:33.0908 5856 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:54:33.0939 5856 Spooler - ok
23:54:34.0002 5856 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:54:34.0033 5856 srv - ok
23:54:34.0080 5856 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:54:34.0127 5856 srv2 - ok
23:54:34.0158 5856 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:54:34.0189 5856 srvnet - ok
23:54:34.0236 5856 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:54:34.0298 5856 SSDPSRV - ok
23:54:34.0329 5856 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:54:34.0423 5856 SstpSvc - ok
23:54:34.0454 5856 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
23:54:34.0501 5856 StillCam - ok
23:54:34.0563 5856 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:54:34.0610 5856 stisvc - ok
23:54:34.0641 5856 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:54:34.0657 5856 swenum - ok
23:54:34.0719 5856 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:54:34.0782 5856 swprv - ok
23:54:34.0797 5856 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:54:34.0813 5856 Symc8xx - ok
23:54:34.0829 5856 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:54:34.0844 5856 Sym_hi - ok
23:54:34.0875 5856 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:54:34.0891 5856 Sym_u3 - ok
23:54:34.0953 5856 SynTP (cb01162bd6dd7b26d4cc6dcac780e39c) C:\Windows\system32\DRIVERS\SynTP.sys
23:54:34.0969 5856 SynTP - ok
23:54:35.0047 5856 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:54:35.0125 5856 SysMain - ok
23:54:35.0156 5856 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:54:35.0203 5856 TabletInputService - ok
23:54:35.0250 5856 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:54:35.0281 5856 TapiSrv - ok
23:54:35.0297 5856 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:54:35.0359 5856 TBS - ok
23:54:35.0484 5856 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
23:54:35.0546 5856 Tcpip - ok
23:54:35.0562 5856 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
23:54:35.0624 5856 Tcpip6 - ok
23:54:35.0640 5856 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
23:54:35.0671 5856 tcpipreg - ok
23:54:35.0702 5856 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:54:35.0733 5856 TDPIPE - ok
23:54:35.0827 5856 TDslMgrService (1226a953d4fdbdfd570da5cee66eaa55) C:\Program Files\DSL-Manager\DslMgrSvc.exe
23:54:35.0858 5856 TDslMgrService ( UnsignedFile.Multi.Generic ) - warning
23:54:35.0858 5856 TDslMgrService - detected UnsignedFile.Multi.Generic (1)
23:54:35.0874 5856 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:54:35.0921 5856 TDTCP - ok
23:54:35.0952 5856 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:54:35.0983 5856 tdx - ok
23:54:36.0014 5856 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:54:36.0030 5856 TermDD - ok
23:54:36.0108 5856 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:54:36.0155 5856 TermService - ok
23:54:36.0201 5856 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:54:36.0233 5856 Themes - ok
23:54:36.0264 5856 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:54:36.0311 5856 THREADORDER - ok
23:54:36.0326 5856 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:54:36.0389 5856 TrkWks - ok
23:54:36.0435 5856 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:54:36.0482 5856 TrustedInstaller - ok
23:54:36.0529 5856 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:36.0576 5856 tssecsrv - ok
23:54:36.0591 5856 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:54:36.0623 5856 tunmp - ok
23:54:36.0654 5856 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:54:36.0669 5856 tunnel - ok
23:54:36.0685 5856 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:54:36.0716 5856 uagp35 - ok
23:54:36.0747 5856 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:54:36.0794 5856 udfs - ok
23:54:36.0825 5856 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:54:36.0888 5856 UI0Detect - ok
23:54:36.0903 5856 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:54:36.0919 5856 uliagpkx - ok
23:54:36.0966 5856 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:54:36.0997 5856 uliahci - ok
23:54:37.0028 5856 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:54:37.0059 5856 UlSata - ok
23:54:37.0091 5856 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:54:37.0122 5856 ulsata2 - ok
23:54:37.0137 5856 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:54:37.0184 5856 umbus - ok
23:54:37.0215 5856 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:54:37.0278 5856 upnphost - ok
23:54:37.0325 5856 upperdev (2522747ba661514e3770e508cce45b64) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
23:54:37.0356 5856 upperdev - ok
23:54:37.0387 5856 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:54:37.0434 5856 usbccgp - ok
23:54:37.0449 5856 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:54:37.0543 5856 usbcir - ok
23:54:37.0590 5856 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:54:37.0637 5856 usbehci - ok
23:54:37.0668 5856 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:54:37.0730 5856 usbhub - ok
23:54:37.0730 5856 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:54:37.0808 5856 usbohci - ok
23:54:37.0839 5856 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:54:37.0871 5856 usbprint - ok
23:54:37.0902 5856 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:54:37.0933 5856 usbscan - ok
23:54:37.0964 5856 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
23:54:37.0980 5856 usbser - ok
23:54:38.0011 5856 UsbserFilt (8aa5f86a6c3b3234beed9556d145bfac) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
23:54:38.0042 5856 UsbserFilt - ok
23:54:38.0073 5856 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:54:38.0120 5856 USBSTOR - ok
23:54:38.0136 5856 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:54:38.0167 5856 usbuhci - ok
23:54:38.0214 5856 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:54:38.0276 5856 usbvideo - ok
23:54:38.0370 5856 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
23:54:38.0385 5856 usnjsvc - ok
23:54:38.0417 5856 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:54:38.0448 5856 UxSms - ok
23:54:38.0510 5856 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:54:38.0588 5856 vds - ok
23:54:38.0619 5856 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:54:38.0651 5856 vga - ok
23:54:38.0666 5856 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:54:38.0697 5856 VgaSave - ok
23:54:38.0729 5856 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:54:38.0744 5856 viaagp - ok
23:54:38.0760 5856 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:54:38.0791 5856 ViaC7 - ok
23:54:38.0807 5856 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:54:38.0822 5856 viaide - ok
23:54:38.0838 5856 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:54:38.0853 5856 volmgr - ok
23:54:38.0900 5856 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:54:38.0916 5856 volmgrx - ok
23:54:38.0978 5856 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:54:39.0009 5856 volsnap - ok
23:54:39.0025 5856 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:54:39.0056 5856 vsmraid - ok
23:54:39.0212 5856 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:54:39.0290 5856 VSS - ok
23:54:39.0368 5856 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:54:39.0446 5856 W32Time - ok
23:54:39.0509 5856 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:54:39.0587 5856 WacomPen - ok
23:54:39.0618 5856 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:54:39.0649 5856 Wanarp - ok
23:54:39.0649 5856 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:54:39.0680 5856 Wanarpv6 - ok
23:54:39.0743 5856 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:54:39.0789 5856 wcncsvc - ok
23:54:39.0852 5856 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:54:39.0899 5856 WcsPlugInService - ok
23:54:39.0914 5856 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:54:39.0930 5856 Wd - ok
23:54:39.0992 5856 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:54:40.0039 5856 Wdf01000 - ok
23:54:40.0055 5856 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:54:40.0117 5856 WdiServiceHost - ok
23:54:40.0117 5856 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:54:40.0164 5856 WdiSystemHost - ok
23:54:40.0211 5856 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:54:40.0242 5856 WebClient - ok
23:54:40.0289 5856 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:54:40.0320 5856 Wecsvc - ok
23:54:40.0367 5856 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:54:40.0398 5856 wercplsupport - ok
23:54:40.0429 5856 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:54:40.0460 5856 WerSvc - ok
23:54:40.0554 5856 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:54:40.0569 5856 WinDefend - ok
23:54:40.0569 5856 WinHttpAutoProxySvc - ok
23:54:40.0647 5856 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:54:40.0679 5856 Winmgmt - ok
23:54:40.0819 5856 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:54:40.0913 5856 WinRM - ok
23:54:41.0006 5856 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:54:41.0069 5856 Wlansvc - ok
23:54:41.0178 5856 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
23:54:41.0225 5856 WLSetupSvc - ok
23:54:41.0287 5856 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:54:41.0334 5856 WmiAcpi - ok
23:54:41.0396 5856 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:54:41.0459 5856 wmiApSrv - ok
23:54:41.0583 5856 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:54:41.0646 5856 WMPNetworkSvc - ok
23:54:41.0677 5856 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:54:41.0708 5856 WPCSvc - ok
23:54:41.0755 5856 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:54:41.0786 5856 WPDBusEnum - ok
23:54:41.0864 5856 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:54:41.0880 5856 WpdUsb - ok
23:54:42.0051 5856 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:54:42.0098 5856 WPFFontCache_v0400 - ok
23:54:42.0129 5856 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:54:42.0176 5856 ws2ifsl - ok
23:54:42.0207 5856 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
23:54:42.0239 5856 wscsvc - ok
23:54:42.0254 5856 WSearch - ok
23:54:42.0473 5856 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
23:54:42.0566 5856 wuauserv - ok
23:54:42.0738 5856 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:54:42.0800 5856 WUDFRd - ok
23:54:42.0831 5856 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:54:42.0878 5856 wudfsvc - ok
23:54:42.0909 5856 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
23:54:42.0925 5856 X10Hid - ok
23:54:43.0003 5856 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
23:54:43.0019 5856 x10nets ( UnsignedFile.Multi.Generic ) - warning
23:54:43.0019 5856 x10nets - detected UnsignedFile.Multi.Generic (1)
23:54:43.0050 5856 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:54:43.0487 5856 \Device\Harddisk0\DR0 - ok
23:54:43.0487 5856 Boot (0x1200) (58a0a2195f41b9277cd50f7662e37ef6) \Device\Harddisk0\DR0\Partition0
23:54:43.0487 5856 \Device\Harddisk0\DR0\Partition0 - ok
23:54:43.0502 5856 Boot (0x1200) (136a7a4db0bcad333bc025b5adcbf409) \Device\Harddisk0\DR0\Partition1
23:54:43.0502 5856 \Device\Harddisk0\DR0\Partition1 - ok
23:54:43.0502 5856 ============================================================
23:54:43.0502 5856 Scan finished
23:54:43.0502 5856 ============================================================
23:54:43.0518 4112 Detected object count: 12
23:54:43.0518 4112 Actual detected object count: 12
23:55:10.0787 4112 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0787 4112 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0802 4112 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0802 4112 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0802 4112 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0802 4112 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0802 4112 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0802 4112 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0802 4112 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0802 4112 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0802 4112 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0802 4112 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0802 4112 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0802 4112 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0818 4112 resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0818 4112 resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0818 4112 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0818 4112 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0818 4112 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0818 4112 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0818 4112 TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0818 4112 TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:55:10.0818 4112 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
23:55:10.0818 4112 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

16.07.2012, 15:57   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please post in CODE tags!!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

16.07.2012, 23:28   #23
rooney1902
 
Code:
ComboFix 12-07-16.01 - Chantal u. Ronnie 17.07.2012   0:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1989 [GMT 2:00]
ausgeführt von:: c:\users\Chantal u. Ronnie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\CddbCdda.dll
c:\windows\system32\WinIo.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-16 bis 2012-07-16  ))))))))))))))))))))))))))))))
.
.
2012-07-16 21:19 . 2012-05-31 03:41	6762896	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1756EF5-879F-4157-B60A-2EF3A66F8F94}\mpengine.dll	ERROR(0x00000005)
2012-07-15 21:59 . 2012-05-31 03:41	6762896	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2012-07-14 08:23 . 2012-07-14 08:23	--------	d-----w-	C:\_OTL
2012-07-11 20:27 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 09:58 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 09:58 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 09:58 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 09:58 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 09:58 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 09:58 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-07 12:17 . 2012-07-07 12:17	--------	d-----w-	c:\program files\ESET
2012-07-03 21:32 . 2012-07-03 21:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-03 21:32 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-03 20:56 . 2012-07-03 20:56	214	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{7ED13CE9-6E78-96C9-AAEE-8C48D48A73FB}-tmp8d5ecfe7.bat	ERROR(0x00000005)
2012-07-03 20:45 . 2012-02-09 11:17	713784	------w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B2189FD-276C-4A5E-AD54-BD273D5EE872}\gapaengine.dll	ERROR(0x00000005)
2012-06-21 08:43 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 08:43 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 08:43 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 08:43 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 08:42 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-21 08:42 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 08:42 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 08:42 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 08:42 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 14:03 . 2012-06-13 09:13	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 09:13	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 09:13	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 09:13	133120	----a-w-	c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"BsMnt"="c:\program files\BisonCam\BsMnt.exe" [2008-11-03 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Chantal u. Ronnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-6-6 1085440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2009-6-6 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-08 18:44	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 17:07	1828136	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-10-31 12:06	1833504	----a-w-	c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 21:35]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 21:35]
.
2012-07-16 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-07-07 04:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Chantal u. Ronnie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-17 00:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1568)
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\DSL-Manager\DslMgrSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-17  00:22:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-16 22:22
.
Vor Suchlauf: 10 Verzeichnis(se), 206.504.579.072 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 206.439.243.776 Bytes frei
.
- - End Of File - - C52B0C5ABD1A3FB7501307FDB4F8EB01
         

17.07.2012, 14:30   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

18.07.2012, 19:55   #25
rooney1902

I don't get that now.

What else do I actually have to run over it? My computer actually works again!
My virus scanners don't show anything anymore either.

19.07.2012, 12:30   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What is so hard to understand about the fact that one still has to check for rootkits?!
__________________
Please always post log files in CODE tags

24.07.2012, 21:04   #27
rooney1902

It's about how I have to check that; that's what I don't get.
Thank you for your help, but I'm going to take my computer to a shop after all, because I'm not getting anywhere this way.

Thanks for everything!
Best regards

Ronnie

24.07.2012, 22:04   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You're not supposed to check anything at all, just create the logs and post them! Is that sooo hard?
__________________
Please always post log files in CODE tags
