Trojaner Pup.Blabbers

cosinus · 20.07.2012, 15:52

Zitat:

Scan Mode: Current user

Du hast den Haken bei alle Benutzer vergessen

christian85 · 20.07.2012, 17:22

Sorry,hier is der neue Log.

Code:

ATTFilter

OTL logfile created on: 20.07.2012 17:46:35 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,59% Memory free
9,47 Gb Paging File | 8,12 Gb Available in Paging File | 85,68% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 22,16 Gb Free Space | 15,38% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 92,42 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.20 06:51:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl(1).exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2009.10.25 14:17:24 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Neuer Ordner\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Neuer Ordner\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.09 19:46:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 19:45:26 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.12 11:43:25 | 000,091,440 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008.07.24 18:27:57 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Chris\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.03 19:06:52 | 003,772,136 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2008.07.03 19:06:48 | 003,294,720 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008.07.03 19:06:40 | 003,471,360 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008.07.03 19:06:33 | 003,607,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2008.05.21 14:00:22 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2008.05.12 22:11:04 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.05.12 22:10:54 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.05.12 17:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.05.02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.23 15:58:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 23:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.09.06 16:30:18 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.09.06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.29 06:29:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.06.29 06:29:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.29 06:18:00 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.29 06:17:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.29 06:16:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.29 06:16:41 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.09.12 11:43:19 | 000,064,664 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.87-8876480SL\Program\clntutil.dll
MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.07.03 19:06:52 | 003,772,136 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe
MOD - [2008.05.12 22:11:06 | 000,753,664 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.05.12 22:11:02 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.04.23 15:58:20 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.04.18 10:52:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.04.18 10:52:42 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.04.18 10:52:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.04.04 03:00:58 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.03.04 23:38:16 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- D:\Neuer Ordner\Spybot -- (SBSDWSCService)
SRV - [2012.07.11 21:24:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2011.09.25 16:57:53 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.10.25 14:17:24 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.07.03 19:06:40 | 003,471,360 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.09.06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.09.06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.09.06 16:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2012.07.04 09:18:21 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120719.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.07.04 09:18:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.04 09:18:21 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120719.035\NAVENG.SYS -- (NAVENG)
DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.14 20:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120719.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012.05.31 07:57:23 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.03.29 08:28:37 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012.03.29 08:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012.03.29 08:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012.03.26 22:03:24 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys -- (SymDS)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.22 14:47:38 | 000,051,232 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.03 19:06:36 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.05.09 12:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.25 10:31:26 | 000,146,688 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.15 04:20:48 | 000,025,856 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310)
DRV - [2008.04.15 04:20:38 | 000,042,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2008.02.29 23:56:44 | 000,108,424 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV - [2008.02.29 23:56:44 | 000,108,296 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV - [2008.02.29 23:56:44 | 000,083,080 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrbus.sys -- (zebrbus)
DRV - [2008.02.29 23:56:44 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.07.31 04:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes,DefaultScope = {084CB353-AE71-4C92-8375-5DD43F4DF8CE}
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{084CB353-AE71-4C92-8375-5DD43F4DF8CE}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBS
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.07.14 14:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.07.20 14:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.14 15:01:56 | 000,000,000 | ---D | M]
 
[2012.02.04 21:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2012.07.19 21:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\1ajxtb94.default\extensions
[2012.03.28 09:36:13 | 000,002,449 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1ajxtb94.default\searchplugins\safesearch.xml
[2012.07.14 15:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 14:40:18 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPLGN
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000..\Run: [SpybotSD TeaTimer] D:\Neuer Ordner\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{130DF8FB-FE1A-4F58-BA74-52C5BE598997}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A250EB2-C942-40C9-8010-CEC49AE5F15E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: D:\Simons Hochzeit\Simons Hochzeit 03.09.11\P1050047.JPG
O24 - Desktop BackupWallPaper: D:\Simons Hochzeit\Simons Hochzeit 03.09.11\P1050047.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 06:51:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl(1).exe
[2012.07.18 17:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.18 17:30:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 16:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.14 16:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.14 15:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.14 15:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.13 22:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012.07.13 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Fighters
[2012.07.13 22:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2012.07.13 22:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012.07.13 21:12:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2012.07.13 21:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 20:55:29 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.93de.deleteme
[2012.07.13 20:54:31 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.07.13 20:54:17 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.3da9.deleteme
[2012.07.13 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Messenger_Plus_Live
[2012.07.13 20:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.07.11 09:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.07.09 06:28:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Alex
[2012.07.05 17:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peter Games
[2012.07.05 17:32:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Peter Games
[2012.07.03 18:38:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Steuer
[2012.07.03 18:07:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Buhl Data Service
[2012.07.03 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Buhl Data Service
[2012.07.03 18:06:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Buhl
[2012.07.03 17:26:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\Visagesoft
[2012.07.03 17:26:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\AIM
[2012.07.03 17:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konz Steuertricks
[2012.07.03 17:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2011
[2012.07.03 17:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2012.07.03 17:21:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Steuer 2011
[2012.06.24 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2008.09.12 11:13:48 | 007,387,792 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Chris\ldm256_logitech.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 17:45:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 17:22:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 16:04:48 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 16:04:48 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:45:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 14:12:28 | 000,674,860 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.20 14:12:28 | 000,634,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.20 14:12:28 | 000,146,512 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.20 14:12:28 | 000,120,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.20 14:08:50 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.20 14:04:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.07.20 14:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 14:04:33 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 07:23:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.20 06:51:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl(1).exe
[2012.07.20 06:28:48 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.19 18:10:17 | 000,624,883 | ---- | M] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2012.07.18 17:30:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Chris\Desktop\esetsmartinstaller_enu.exe
[2012.07.18 11:52:11 | 000,002,623 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Word.lnk
[2012.07.15 19:58:55 | 000,000,000 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2012.07.15 19:54:11 | 000,050,477 | ---- | M] () -- C:\Users\Chris\Desktop\Defogger.exe
[2012.07.14 16:06:18 | 000,000,846 | ---- | M] () -- C:\Users\Chris\Desktop\Spybot - Search & Destroy.lnk
[2012.07.14 15:01:58 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 21:18:18 | 000,000,039 | RH-- | M] () -- C:\Users\Chris\Desktop\stinger_10.2.0.693.opt
[2012.07.13 21:07:19 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.07.13 20:59:33 | 000,250,368 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.13 20:55:27 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.93de.deleteme
[2012.07.13 20:54:15 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.3da9.deleteme
[2012.07.13 20:52:27 | 000,002,030 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
[2012.07.12 06:47:14 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.06 16:56:49 | 000,000,734 | ---- | M] () -- C:\Windows\wiso.ini
[2012.07.05 17:32:48 | 000,000,628 | ---- | M] () -- C:\Users\Chris\Desktop\Officers.lnk
[2012.07.03 17:26:54 | 000,001,511 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.07.03 17:26:11 | 000,001,590 | ---- | M] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.19 18:10:17 | 000,624,883 | ---- | C] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2012.07.15 19:58:55 | 000,000,000 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2012.07.15 19:54:01 | 000,050,477 | ---- | C] () -- C:\Users\Chris\Desktop\Defogger.exe
[2012.07.14 16:06:18 | 000,000,846 | ---- | C] () -- C:\Users\Chris\Desktop\Spybot - Search & Destroy.lnk
[2012.07.14 15:01:58 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.14 15:01:58 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.13 20:52:27 | 000,002,030 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
[2012.07.13 20:52:24 | 000,000,039 | RH-- | C] () -- C:\Users\Chris\Desktop\stinger_10.2.0.693.opt
[2012.07.05 17:32:47 | 000,000,628 | ---- | C] () -- C:\Users\Chris\Desktop\Officers.lnk
[2012.07.03 18:06:30 | 000,000,734 | ---- | C] () -- C:\Windows\wiso.ini
[2012.07.03 17:26:54 | 000,001,511 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.07.03 17:26:40 | 000,000,696 | ---- | C] () -- C:\Windows\System32\jetodbc.rsp
[2012.07.03 17:26:11 | 000,001,590 | ---- | C] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2010.08.31 13:17:44 | 000,000,204 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009.03.10 17:40:12 | 000,000,916 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\EasyToolz.ini
[2009.03.07 22:32:32 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.07 22:32:27 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.26 18:42:42 | 000,024,206 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2008.10.31 14:40:26 | 000,000,114 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2008.10.28 16:32:08 | 000,008,268 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008.08.21 08:19:12 | 019,153,264 | ---- | C] () -- C:\Users\Chris\aaw2008.exe
[2008.08.20 12:59:51 | 000,022,328 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2008.07.30 16:59:59 | 000,250,368 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.12.05 00:54:22 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Roaming\.#
[2008.04.18 11:11:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer GameZone Console
[2012.07.03 18:07:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Buhl Data Service
[2009.03.10 17:04:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CPUControl
[2008.09.26 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2012.07.13 22:41:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Fighters
[2009.04.01 14:20:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2009.03.31 21:19:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011.09.21 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
[2010.12.14 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2011.08.16 11:56:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Uniblue
[2011.08.06 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2011.08.16 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wise Registry Cleaner
[2012.05.18 08:16:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ZalmanInstaller_otshot
[2008.04.18 11:11:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.04.18 11:11:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2012.07.20 07:23:37 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.05 00:54:22 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Roaming\.#
[2008.04.18 11:11:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acer GameZone Console
[2008.07.26 10:21:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Adobe
[2012.07.03 18:07:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Buhl Data Service
[2009.03.10 17:04:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CPUControl
[2008.10.31 14:37:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CyberLink
[2008.09.26 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2012.07.13 22:41:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Fighters
[2009.01.19 20:27:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Google
[2008.07.24 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Identities
[2008.07.27 11:01:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2008.09.09 10:02:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Logitech
[2008.07.24 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2012.07.13 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2012.06.24 10:41:32 | 000,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2012.02.04 21:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012.05.18 08:16:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NCH Software
[2009.04.01 14:20:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2011.02.18 20:39:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Real
[2009.10.24 18:57:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Symantec
[2009.03.31 21:19:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011.09.21 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
[2010.12.14 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tific
[2011.08.16 11:56:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Uniblue
[2011.08.06 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2009.12.13 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011.08.16 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wise Registry Cleaner
[2008.08.18 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Xfire
[2008.08.05 15:31:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Yahoo!
[2012.05.18 08:16:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ZalmanInstaller_otshot
 
< %APPDATA%\*.exe /s >
[2008.09.09 10:02:15 | 000,010,134 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.08.16 11:44:18 | 005,592,856 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Chris\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:73933431
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

Gruss
Chris

cosinus · 21.07.2012, 14:48

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = http://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
FF - user.js - File not found
[2012.03.28 09:36:13 | 000,002,449 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1ajxtb94.default\searchplugins\safesearch.xml
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000..\Run: [SpybotSD TeaTimer] D:\Neuer Ordner\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.07.13 22:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2010.12.05 00:54:22 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Roaming\.#
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:73933431
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4F636E25
:Files
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Chris\AppData\Roaming\Uniblue
C:\Windows\System32\AscConTest.dll
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

christian85 · 21.07.2012, 15:47

Hier ist der neue Log.Ich hoff,ich hab alles richtig gemacht...

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
File C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1ajxtb94.default\searchplugins\safesearch.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
File D:\Neuer Ordner\Spybot - Search & Destroy\TeaTimer.exe not found.
File move failed. C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\Security\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\ not found.
Registry key HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM\ not found.
Registry value HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive not found.
Registry value HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-691566535-1831531465-2982929279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Folder C:\ProgramData\clp\ not found.
Folder C:\Users\Chris\AppData\Roaming\.#\ not found.
Unable to delete ADS C:\ProgramData\TEMP:73933431 .
Unable to delete ADS C:\ProgramData\TEMP:4F636E25 .
========== FILES ==========
File\Folder C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File\Folder C:\Users\Chris\AppData\Roaming\Uniblue not found.
File\Folder C:\Windows\System32\AscConTest.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Chris
->Temp folder emptied: 236790 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 61479135 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 675 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 881390 bytes
 
Total Files Cleaned = 60,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Chris
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07212012_164134

Files\Folders moved on Reboot...
File\Folder C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found!

PendingFileRenameOperations files...
File C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk not found!

Registry entries deleted on Reboot...

Gruss Chris

cosinus · 23.07.2012, 13:43

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

christian85 · 23.07.2012, 16:07

Hier ist dann mal der neue Log.

Code:

ATTFilter

17:01:31.0751 23352	TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
17:01:32.0511 23352	============================================================
17:01:32.0511 23352	Current date / time: 2012/07/23 17:01:32.0511
17:01:32.0511 23352	SystemInfo:
17:01:32.0511 23352	
17:01:32.0511 23352	OS Version: 6.0.6001 ServicePack: 1.0
17:01:32.0511 23352	Product type: Workstation
17:01:32.0511 23352	ComputerName: CHRIS-PC
17:01:32.0512 23352	UserName: Chris
17:01:32.0512 23352	Windows directory: C:\Windows
17:01:32.0512 23352	System windows directory: C:\Windows
17:01:32.0512 23352	Processor architecture: Intel x86
17:01:32.0512 23352	Number of processors: 2
17:01:32.0512 23352	Page size: 0x1000
17:01:32.0512 23352	Boot type: Normal boot
17:01:32.0512 23352	============================================================
17:01:33.0260 23352	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:01:33.0262 23352	============================================================
17:01:33.0262 23352	\Device\Harddisk0\DR0:
17:01:33.0263 23352	MBR partitions:
17:01:33.0263 23352	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
17:01:33.0263 23352	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x12017000
17:01:33.0263 23352	============================================================
17:01:33.0325 23352	C: <-> \Device\Harddisk0\DR0\Partition0
17:01:33.0372 23352	D: <-> \Device\Harddisk0\DR0\Partition1
17:01:33.0372 23352	============================================================
17:01:33.0372 23352	Initialize success
17:01:33.0372 23352	============================================================
17:02:17.0894 22968	============================================================
17:02:17.0894 22968	Scan started
17:02:17.0894 22968	Mode: Manual; SigCheck; TDLFS; 
17:02:17.0894 22968	============================================================
17:02:18.0393 22968	A310            (02e1c46c34f2d2843533c4f223867930) C:\Windows\system32\DRIVERS\AVerA310USB.sys
17:02:18.0526 22968	A310 - ok
17:02:18.0616 22968	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
17:02:18.0631 22968	ACPI - ok
17:02:18.0729 22968	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:02:18.0743 22968	AdobeFlashPlayerUpdateSvc - ok
17:02:18.0791 22968	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:02:18.0812 22968	adp94xx - ok
17:02:18.0855 22968	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:02:18.0870 22968	adpahci - ok
17:02:18.0896 22968	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:02:18.0908 22968	adpu160m - ok
17:02:18.0935 22968	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:02:18.0946 22968	adpu320 - ok
17:02:18.0969 22968	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:02:19.0077 22968	AeLookupSvc - ok
17:02:19.0130 22968	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
17:02:19.0197 22968	AFD - ok
17:02:19.0214 22968	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
17:02:19.0259 22968	AgereModemAudio - ok
17:02:19.0397 22968	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
17:02:19.0475 22968	AgereSoftModem - ok
17:02:19.0660 22968	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:02:19.0670 22968	agp440 - ok
17:02:19.0693 22968	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:02:19.0705 22968	aic78xx - ok
17:02:19.0733 22968	AlfaFF          (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys
17:02:19.0770 22968	AlfaFF - ok
17:02:19.0790 22968	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:02:19.0933 22968	ALG - ok
17:02:19.0947 22968	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:02:19.0956 22968	aliide - ok
17:02:19.0971 22968	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:02:19.0981 22968	amdagp - ok
17:02:19.0988 22968	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:02:19.0997 22968	amdide - ok
17:02:20.0005 22968	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:02:20.0051 22968	AmdK7 - ok
17:02:20.0068 22968	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:02:20.0111 22968	AmdK8 - ok
17:02:20.0139 22968	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:02:20.0178 22968	Appinfo - ok
17:02:20.0204 22968	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:02:20.0214 22968	arc - ok
17:02:20.0239 22968	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:02:20.0249 22968	arcsas - ok
17:02:20.0333 22968	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:02:20.0342 22968	aspnet_state - ok
17:02:20.0372 22968	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:20.0421 22968	AsyncMac - ok
17:02:20.0465 22968	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
17:02:20.0475 22968	atapi - ok
17:02:20.0511 22968	ATSWPDRV        (5e19f7b730c6a32e83174e2d6fee4389) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
17:02:20.0523 22968	ATSWPDRV - ok
17:02:20.0599 22968	AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
17:02:20.0637 22968	AudioEndpointBuilder - ok
17:02:20.0641 22968	Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
17:02:20.0668 22968	Audiosrv - ok
17:02:20.0817 22968	Automatisches LiveUpdate - Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
17:02:20.0839 22968	Automatisches LiveUpdate - Scheduler - ok
17:02:20.0876 22968	AVFSFilter - ok
17:02:20.0949 22968	b57nd60x        (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:02:20.0990 22968	b57nd60x - ok
17:02:21.0031 22968	BDASwCap        (9347a2ddee501c242a8e21990279d688) C:\Windows\system32\drivers\AVerA310Cap.sys
17:02:21.0042 22968	BDASwCap - ok
17:02:21.0053 22968	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:02:21.0099 22968	Beep - ok
17:02:21.0157 22968	BFE             (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
17:02:21.0204 22968	BFE - ok
17:02:21.0461 22968	BHDrvx86        (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
17:02:21.0512 22968	BHDrvx86 - ok
17:02:21.0657 22968	BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
17:02:21.0757 22968	BITS - ok
17:02:21.0813 22968	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:02:21.0853 22968	blbdrive - ok
17:02:21.0890 22968	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
17:02:21.0939 22968	bowser - ok
17:02:21.0959 22968	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:02:21.0995 22968	BrFiltLo - ok
17:02:22.0014 22968	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:02:22.0061 22968	BrFiltUp - ok
17:02:22.0095 22968	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:02:22.0152 22968	Browser - ok
17:02:22.0179 22968	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:02:22.0393 22968	Brserid - ok
17:02:22.0417 22968	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:02:22.0466 22968	BrSerWdm - ok
17:02:22.0484 22968	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:02:22.0540 22968	BrUsbMdm - ok
17:02:22.0554 22968	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:02:22.0601 22968	BrUsbSer - ok
17:02:22.0625 22968	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:02:22.0680 22968	BTHMODEM - ok
17:02:22.0714 22968	BthServ         (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
17:02:22.0737 22968	BthServ - ok
17:02:22.0814 22968	BUNAgentSvc     (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
17:02:22.0830 22968	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
17:02:22.0831 22968	BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
17:02:22.0902 22968	ccEvtMgr        (d1c87cd3bd90ee509d1bf3973c7d5b0a) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:02:22.0912 22968	ccEvtMgr - ok
17:02:22.0915 22968	ccSetMgr        (d1c87cd3bd90ee509d1bf3973c7d5b0a) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:02:22.0923 22968	ccSetMgr - ok
17:02:23.0035 22968	ccSet_NIS       (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
17:02:23.0047 22968	ccSet_NIS - ok
17:02:23.0074 22968	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:02:23.0107 22968	cdfs - ok
17:02:23.0142 22968	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
17:02:23.0183 22968	cdrom - ok
17:02:23.0216 22968	CertPropSvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
17:02:23.0259 22968	CertPropSvc - ok
17:02:23.0285 22968	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
17:02:23.0320 22968	circlass - ok
17:02:23.0363 22968	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
17:02:23.0377 22968	CLFS - ok
17:02:23.0456 22968	CLHNService     (5ca9b1062c0c3e3ae19c23ad9d8a5048) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
17:02:23.0471 22968	CLHNService ( UnsignedFile.Multi.Generic ) - warning
17:02:23.0471 22968	CLHNService - detected UnsignedFile.Multi.Generic (1)
17:02:23.0551 22968	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:02:23.0561 22968	clr_optimization_v2.0.50727_32 - ok
17:02:23.0652 22968	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:02:23.0665 22968	clr_optimization_v4.0.30319_32 - ok
17:02:23.0737 22968	CLTNetCnService (d1c87cd3bd90ee509d1bf3973c7d5b0a) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:02:23.0745 22968	CLTNetCnService - ok
17:02:23.0773 22968	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:02:23.0811 22968	CmBatt - ok
17:02:23.0834 22968	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:02:23.0844 22968	cmdide - ok
17:02:23.0856 22968	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:02:23.0865 22968	Compbatt - ok
17:02:23.0869 22968	COMSysApp - ok
17:02:23.0875 22968	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:02:23.0885 22968	crcdisk - ok
17:02:23.0899 22968	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:02:23.0933 22968	Crusoe - ok
17:02:23.0993 22968	CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
17:02:24.0035 22968	CryptSvc - ok
17:02:24.0101 22968	DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
17:02:24.0179 22968	DcomLaunch - ok
17:02:24.0214 22968	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
17:02:24.0253 22968	DfsC - ok
17:02:24.0626 22968	DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
17:02:24.0745 22968	DFSR - ok
17:02:25.0016 22968	Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
17:02:25.0069 22968	Dhcp - ok
17:02:25.0136 22968	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
17:02:25.0146 22968	disk - ok
17:02:25.0168 22968	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
17:02:25.0178 22968	DKbFltr - ok
17:02:25.0385 22968	Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
17:02:25.0434 22968	Dnscache - ok
17:02:25.0473 22968	dot3svc         (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
17:02:25.0498 22968	dot3svc - ok
17:02:25.0538 22968	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:02:25.0578 22968	DPS - ok
17:02:25.0618 22968	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:02:25.0637 22968	drmkaud - ok
17:02:25.0737 22968	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
17:02:25.0818 22968	DXGKrnl - ok
17:02:25.0843 22968	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:02:25.0867 22968	E1G60 - ok
17:02:25.0911 22968	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:02:25.0931 22968	EapHost - ok
17:02:25.0958 22968	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
17:02:25.0969 22968	Ecache - ok
17:02:26.0067 22968	eDataSecurity Service (b7dc2580425225c320ceda78de55a3d0) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
17:02:26.0100 22968	eDataSecurity Service - ok
17:02:26.0217 22968	eeCtrl          (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:02:26.0238 22968	eeCtrl - ok
17:02:26.0291 22968	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:02:26.0327 22968	ehRecvr - ok
17:02:26.0345 22968	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:02:26.0395 22968	ehSched - ok
17:02:26.0410 22968	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:02:26.0434 22968	ehstart - ok
17:02:26.0566 22968	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:02:26.0585 22968	elxstor - ok
17:02:26.0675 22968	EMDMgmt         (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
17:02:26.0738 22968	EMDMgmt - ok
17:02:26.0874 22968	EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:02:26.0884 22968	EraserUtilRebootDrv - ok
17:02:26.0899 22968	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:02:26.0936 22968	ErrDev - ok
17:02:26.0986 22968	ETService       (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
17:02:27.0003 22968	ETService ( UnsignedFile.Multi.Generic ) - warning
17:02:27.0003 22968	ETService - detected UnsignedFile.Multi.Generic (1)
17:02:27.0070 22968	EventSystem     (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
17:02:27.0108 22968	EventSystem - ok
17:02:27.0154 22968	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
17:02:27.0195 22968	exfat - ok
17:02:27.0226 22968	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
17:02:27.0261 22968	fastfat - ok
17:02:27.0278 22968	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:02:27.0313 22968	fdc - ok
17:02:27.0346 22968	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:02:27.0381 22968	fdPHost - ok
17:02:27.0398 22968	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:02:27.0457 22968	FDResPub - ok
17:02:27.0474 22968	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:02:27.0484 22968	FileInfo - ok
17:02:27.0495 22968	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:02:27.0535 22968	Filetrace - ok
17:02:27.0557 22968	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:02:27.0580 22968	flpydisk - ok
17:02:27.0601 22968	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
17:02:27.0613 22968	FltMgr - ok
17:02:27.0700 22968	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:02:27.0710 22968	FontCache3.0.0.0 - ok
17:02:27.0724 22968	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:02:27.0751 22968	Fs_Rec - ok
17:02:27.0772 22968	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:02:27.0782 22968	gagp30kx - ok
17:02:27.0887 22968	gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
17:02:27.0938 22968	gpsvc - ok
17:02:28.0000 22968	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:02:28.0010 22968	gupdate - ok
17:02:28.0014 22968	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:02:28.0022 22968	gupdatem - ok
17:02:28.0070 22968	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:02:28.0080 22968	gusvc - ok
17:02:28.0136 22968	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:02:28.0187 22968	HdAudAddService - ok
17:02:28.0222 22968	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:02:28.0257 22968	HDAudBus - ok
17:02:28.0277 22968	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:02:28.0330 22968	HidBth - ok
17:02:28.0335 22968	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
17:02:28.0367 22968	HidIr - ok
17:02:28.0421 22968	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
17:02:28.0462 22968	hidserv - ok
17:02:28.0496 22968	HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
17:02:28.0520 22968	HidUsb - ok
17:02:28.0543 22968	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:02:28.0588 22968	hkmsvc - ok
17:02:28.0610 22968	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:02:28.0620 22968	HpCISSs - ok
17:02:28.0683 22968	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
17:02:28.0727 22968	HTTP - ok
17:02:28.0751 22968	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:02:28.0760 22968	i2omp - ok
17:02:28.0787 22968	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:02:28.0819 22968	i8042prt - ok
17:02:28.0930 22968	IAANTMON        (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:02:28.0948 22968	IAANTMON - ok
17:02:28.0986 22968	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
17:02:28.0999 22968	iaStor - ok
17:02:29.0039 22968	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:02:29.0053 22968	iaStorV - ok
17:02:29.0125 22968	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:02:29.0147 22968	IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:02:29.0147 22968	IDriverT - detected UnsignedFile.Multi.Generic (1)
17:02:29.0305 22968	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:02:29.0352 22968	idsvc - ok
17:02:29.0550 22968	IDSVix86        (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120720.001\IDSvix86.sys
17:02:29.0580 22968	IDSVix86 - ok
17:02:29.0932 22968	IGBASVC         (60a52c8e2e25c62ec8359c28a4af6e25) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
17:02:30.0095 22968	IGBASVC ( UnsignedFile.Multi.Generic ) - warning
17:02:30.0095 22968	IGBASVC - detected UnsignedFile.Multi.Generic (1)
17:02:30.0259 22968	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:02:30.0268 22968	iirsp - ok
17:02:30.0343 22968	IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
17:02:30.0394 22968	IKEEXT - ok
17:02:30.0422 22968	int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
17:02:30.0449 22968	int15 ( UnsignedFile.Multi.Generic ) - warning
17:02:30.0449 22968	int15 - detected UnsignedFile.Multi.Generic (1)
17:02:30.0666 22968	IntcAzAudAddService (3cfa12fefea751dae7b8133a6ef3c0d9) C:\Windows\system32\drivers\RTKVHDA.sys
17:02:30.0759 22968	IntcAzAudAddService - ok
17:02:30.0913 22968	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:02:30.0922 22968	intelide - ok
17:02:30.0952 22968	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:02:30.0992 22968	intelppm - ok
17:02:31.0021 22968	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:02:31.0058 22968	IPBusEnum - ok
17:02:31.0084 22968	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:02:31.0119 22968	IpFilterDriver - ok
17:02:31.0166 22968	iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
17:02:31.0212 22968	iphlpsvc - ok
17:02:31.0216 22968	IpInIp - ok
17:02:31.0245 22968	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:02:31.0286 22968	IPMIDRV - ok
17:02:31.0308 22968	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:02:31.0332 22968	IPNAT - ok
17:02:31.0342 22968	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:02:31.0365 22968	IRENUM - ok
17:02:31.0382 22968	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:02:31.0392 22968	isapnp - ok
17:02:31.0437 22968	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
17:02:31.0448 22968	iScsiPrt - ok
17:02:31.0466 22968	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:02:31.0476 22968	iteatapi - ok
17:02:31.0494 22968	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:02:31.0503 22968	iteraid - ok
17:02:31.0522 22968	JMCR            (858c550ebbd243826a2193262c1b54a3) C:\Windows\system32\DRIVERS\jmcr.sys
17:02:31.0562 22968	JMCR - ok
17:02:31.0584 22968	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:02:31.0594 22968	kbdclass - ok
17:02:31.0614 22968	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
17:02:31.0655 22968	kbdhid - ok
17:02:31.0692 22968	KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:02:31.0739 22968	KeyIso - ok
17:02:31.0810 22968	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
17:02:31.0844 22968	KSecDD - ok
17:02:31.0926 22968	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:02:31.0958 22968	KtmRm - ok
17:02:32.0032 22968	LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
17:02:32.0070 22968	LanmanServer - ok
17:02:32.0118 22968	LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
17:02:32.0158 22968	LanmanWorkstation - ok
17:02:32.0162 22968	Lbd - ok
17:02:32.0277 22968	LBTServ         (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
17:02:32.0288 22968	LBTServ - ok
17:02:32.0328 22968	LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:02:32.0336 22968	LHidFilt - ok
17:02:32.0376 22968	LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:02:32.0382 22968	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:02:32.0382 22968	LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:02:32.0681 22968	LiveUpdate      (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:02:32.0795 22968	LiveUpdate - ok
17:02:32.0984 22968	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:02:33.0018 22968	lltdio - ok
17:02:33.0057 22968	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:02:33.0097 22968	lltdsvc - ok
17:02:33.0113 22968	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:02:33.0153 22968	lmhosts - ok
17:02:33.0190 22968	LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:02:33.0199 22968	LMouFilt - ok
17:02:33.0222 22968	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:02:33.0233 22968	LSI_FC - ok
17:02:33.0249 22968	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:02:33.0259 22968	LSI_SAS - ok
17:02:33.0278 22968	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:02:33.0288 22968	LSI_SCSI - ok
17:02:33.0308 22968	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:02:33.0332 22968	luafv - ok
17:02:33.0363 22968	LUsbFilt        (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
17:02:33.0372 22968	LUsbFilt - ok
17:02:33.0383 22968	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:02:33.0405 22968	Mcx2Svc - ok
17:02:33.0430 22968	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:02:33.0440 22968	megasas - ok
17:02:33.0489 22968	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:02:33.0510 22968	MegaSR - ok
17:02:33.0540 22968	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:02:33.0574 22968	MMCSS - ok
17:02:33.0617 22968	MobilityService - ok
17:02:33.0646 22968	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:02:33.0677 22968	Modem - ok
17:02:33.0697 22968	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:02:33.0721 22968	monitor - ok
17:02:33.0729 22968	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:02:33.0739 22968	mouclass - ok
17:02:33.0749 22968	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:02:33.0786 22968	mouhid - ok
17:02:33.0813 22968	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:02:33.0823 22968	MountMgr - ok
17:02:33.0896 22968	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:02:33.0907 22968	MozillaMaintenance - ok
17:02:33.0929 22968	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:02:33.0940 22968	mpio - ok
17:02:33.0958 22968	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:02:33.0986 22968	mpsdrv - ok
17:02:34.0069 22968	MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
17:02:34.0120 22968	MpsSvc - ok
17:02:34.0140 22968	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:02:34.0149 22968	Mraid35x - ok
17:02:34.0180 22968	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
17:02:34.0226 22968	MRxDAV - ok
17:02:34.0268 22968	mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:02:34.0309 22968	mrxsmb - ok
17:02:34.0360 22968	mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:02:34.0382 22968	mrxsmb10 - ok
17:02:34.0402 22968	mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:02:34.0424 22968	mrxsmb20 - ok
17:02:34.0449 22968	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:02:34.0458 22968	msahci - ok
17:02:34.0479 22968	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:02:34.0490 22968	msdsm - ok
17:02:34.0514 22968	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:02:34.0540 22968	MSDTC - ok
17:02:34.0555 22968	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:02:34.0585 22968	Msfs - ok
17:02:34.0598 22968	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:02:34.0607 22968	msisadrv - ok
17:02:34.0636 22968	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:02:34.0671 22968	MSiSCSI - ok
17:02:34.0675 22968	msiserver - ok
17:02:34.0691 22968	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:02:34.0732 22968	MSKSSRV - ok
17:02:34.0751 22968	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:02:34.0773 22968	MSPCLOCK - ok
17:02:34.0783 22968	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:02:34.0807 22968	MSPQM - ok
17:02:34.0840 22968	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
17:02:34.0851 22968	MsRPC - ok
17:02:34.0870 22968	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:02:34.0879 22968	mssmbios - ok
17:02:34.0890 22968	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:02:34.0913 22968	MSTEE - ok
17:02:34.0921 22968	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
17:02:34.0931 22968	Mup - ok
17:02:34.0986 22968	napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
17:02:35.0016 22968	napagent - ok
17:02:35.0061 22968	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
17:02:35.0088 22968	NativeWifiP - ok
17:02:35.0234 22968	NAVENG          (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120722.006\NAVENG.SYS
17:02:35.0245 22968	NAVENG - ok
17:02:35.0412 22968	NAVEX15         (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120722.006\NAVEX15.SYS
17:02:35.0489 22968	NAVEX15 - ok
17:02:35.0751 22968	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
17:02:35.0792 22968	NDIS - ok
17:02:35.0854 22968	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:02:35.0890 22968	NdisTapi - ok
17:02:35.0928 22968	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:02:35.0952 22968	Ndisuio - ok
17:02:35.0971 22968	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
17:02:35.0995 22968	NdisWan - ok
17:02:36.0001 22968	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:02:36.0021 22968	NDProxy - ok
17:02:36.0029 22968	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:02:36.0069 22968	NetBIOS - ok
17:02:36.0090 22968	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
17:02:36.0125 22968	netbt - ok
17:02:36.0161 22968	Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:02:36.0175 22968	Netlogon - ok
17:02:36.0232 22968	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:02:36.0278 22968	Netman - ok
17:02:36.0312 22968	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:02:36.0339 22968	netprofm - ok
17:02:36.0423 22968	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:02:36.0432 22968	NetTcpPortSharing - ok
17:02:36.0797 22968	NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
17:02:37.0002 22968	NETw5v32 - ok
17:02:37.0186 22968	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:02:37.0196 22968	nfrd960 - ok
17:02:37.0316 22968	NIS             (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
17:02:37.0326 22968	NIS - ok
17:02:37.0366 22968	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:02:37.0408 22968	NlaSvc - ok
17:02:37.0427 22968	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
17:02:37.0493 22968	Npfs - ok
17:02:37.0528 22968	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:02:37.0553 22968	nsi - ok
17:02:37.0595 22968	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:02:37.0631 22968	nsiproxy - ok
17:02:37.0764 22968	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
17:02:37.0835 22968	Ntfs - ok
17:02:37.0906 22968	NTIBackupSvc    (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
17:02:37.0927 22968	NTIBackupSvc - ok
17:02:38.0106 22968	NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
17:02:38.0114 22968	NTIDrvr - ok
17:02:38.0202 22968	NTIPPKernel     (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
17:02:38.0210 22968	NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
17:02:38.0210 22968	NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
17:02:38.0246 22968	NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
17:02:38.0253 22968	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
17:02:38.0253 22968	NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
17:02:38.0270 22968	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:02:38.0322 22968	ntrigdigi - ok
17:02:38.0340 22968	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:02:38.0364 22968	Null - ok
17:02:38.0404 22968	NVHDA           (590caa306f9e7c303905b738ebdfe2e2) C:\Windows\system32\drivers\nvhda32v.sys
17:02:38.0413 22968	NVHDA - ok
17:02:39.0092 22968	nvlddmkm        (05200c3a9b1370aa2d8c99f1a464168b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:02:39.0476 22968	nvlddmkm - ok
17:02:39.0667 22968	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:02:39.0678 22968	nvraid - ok
17:02:39.0700 22968	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:02:39.0710 22968	nvstor - ok
17:02:39.0754 22968	nvsvc           (a1da6d6d706ba55348db4ba688f37ca5) C:\Windows\system32\nvvsvc.exe
17:02:39.0767 22968	nvsvc - ok
17:02:39.0787 22968	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:02:39.0797 22968	nv_agp - ok
17:02:39.0801 22968	NwlnkFlt - ok
17:02:39.0806 22968	NwlnkFwd - ok
17:02:39.0827 22968	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:02:39.0865 22968	ohci1394 - ok
17:02:39.0960 22968	p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:02:40.0043 22968	p2pimsvc - ok
17:02:40.0051 22968	p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:02:40.0111 22968	p2psvc - ok
17:02:40.0158 22968	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:02:40.0244 22968	Parport - ok
17:02:40.0262 22968	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
17:02:40.0272 22968	partmgr - ok
17:02:40.0285 22968	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:02:40.0324 22968	Parvdm - ok
17:02:40.0356 22968	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:02:40.0380 22968	PcaSvc - ok
17:02:40.0423 22968	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
17:02:40.0435 22968	pci - ok
17:02:40.0450 22968	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:02:40.0459 22968	pciide - ok
17:02:40.0489 22968	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:02:40.0502 22968	pcmcia - ok
17:02:40.0603 22968	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:02:40.0692 22968	PEAUTH - ok
17:02:40.0877 22968	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:02:40.0969 22968	pla - ok
17:02:41.0163 22968	PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
17:02:41.0191 22968	PlugPlay - ok
17:02:41.0232 22968	PnkBstrA        (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe
17:02:41.0243 22968	PnkBstrA - ok
17:02:41.0332 22968	PNRPAutoReg     (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:02:41.0356 22968	PNRPAutoReg - ok
17:02:41.0390 22968	PNRPsvc         (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
17:02:41.0414 22968	PNRPsvc - ok
17:02:41.0486 22968	PolicyAgent     (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
17:02:41.0551 22968	PolicyAgent - ok
17:02:41.0602 22968	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:02:41.0638 22968	PptpMiniport - ok
17:02:41.0669 22968	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:02:41.0693 22968	Processor - ok
17:02:41.0745 22968	ProfSvc         (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
17:02:41.0784 22968	ProfSvc - ok
17:02:41.0802 22968	ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:02:41.0816 22968	ProtectedStorage - ok
17:02:41.0861 22968	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
17:02:41.0898 22968	PSched - ok
17:02:41.0914 22968	PSDFilter       (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
17:02:41.0923 22968	PSDFilter - ok
17:02:41.0929 22968	PSDNServ        (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
17:02:41.0938 22968	PSDNServ - ok
17:02:41.0963 22968	psdvdisk        (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
17:02:41.0972 22968	psdvdisk - ok
17:02:42.0115 22968	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:02:42.0178 22968	ql2300 - ok
17:02:42.0201 22968	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:02:42.0212 22968	ql40xx - ok
17:02:42.0256 22968	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:02:42.0292 22968	QWAVE - ok
17:02:42.0314 22968	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:02:42.0327 22968	QWAVEdrv - ok
17:02:42.0399 22968	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
17:02:42.0410 22968	RapiMgr - ok
17:02:42.0424 22968	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:02:42.0462 22968	RasAcd - ok
17:02:42.0485 22968	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:02:42.0528 22968	RasAuto - ok
17:02:42.0558 22968	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:02:42.0597 22968	Rasl2tp - ok
17:02:42.0646 22968	RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
17:02:42.0676 22968	RasMan - ok
17:02:42.0696 22968	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
17:02:42.0728 22968	RasPppoe - ok
17:02:42.0754 22968	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
17:02:42.0778 22968	RasSstp - ok
17:02:42.0808 22968	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
17:02:42.0833 22968	rdbss - ok
17:02:42.0843 22968	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:02:42.0884 22968	RDPCDD - ok
17:02:42.0924 22968	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:02:42.0951 22968	rdpdr - ok
17:02:42.0956 22968	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:02:42.0987 22968	RDPENCDD - ok
17:02:43.0016 22968	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
17:02:43.0041 22968	RDPWD - ok
17:02:43.0079 22968	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:02:43.0124 22968	RemoteAccess - ok
17:02:43.0172 22968	RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
17:02:43.0200 22968	RemoteRegistry - ok
17:02:43.0231 22968	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:02:43.0280 22968	RpcLocator - ok
17:02:43.0358 22968	RpcSs           (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
17:02:43.0381 22968	RpcSs - ok
17:02:43.0415 22968	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:02:43.0439 22968	rspndr - ok
17:02:43.0458 22968	SamSs           (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
17:02:43.0473 22968	SamSs - ok
17:02:43.0493 22968	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:02:43.0503 22968	sbp2port - ok
17:02:43.0679 22968	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) D:\Neuer Ordner\Spybot - Search & Destroy\SDWinSec.exe
17:02:43.0761 22968	SBSDWSCService - ok
17:02:43.0791 22968	SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
17:02:43.0842 22968	SCardSvr - ok
17:02:43.0925 22968	Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
17:02:43.0986 22968	Schedule - ok
17:02:44.0018 22968	SCPolicySvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
17:02:44.0042 22968	SCPolicySvc - ok
17:02:44.0060 22968	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
17:02:44.0084 22968	sdbus - ok
17:02:44.0095 22968	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:02:44.0144 22968	SDRSVC - ok
17:02:44.0164 22968	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:02:44.0211 22968	secdrv - ok
17:02:44.0232 22968	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:02:44.0258 22968	seclogon - ok
17:02:44.0267 22968	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:02:44.0305 22968	SENS - ok
17:02:44.0328 22968	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:02:44.0366 22968	Serenum - ok
17:02:44.0386 22968	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:02:44.0439 22968	Serial - ok
17:02:44.0461 22968	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:02:44.0483 22968	sermouse - ok
17:02:44.0511 22968	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
17:02:44.0539 22968	SessionEnv - ok
17:02:44.0551 22968	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:02:44.0569 22968	sffdisk - ok
17:02:44.0577 22968	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:02:44.0611 22968	sffp_mmc - ok
17:02:44.0633 22968	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:02:44.0666 22968	sffp_sd - ok
17:02:44.0687 22968	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:02:44.0726 22968	sfloppy - ok
17:02:44.0793 22968	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
17:02:44.0822 22968	SharedAccess - ok
17:02:44.0875 22968	ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
17:02:44.0914 22968	ShellHWDetection - ok
17:02:44.0953 22968	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:02:44.0963 22968	sisagp - ok
17:02:44.0969 22968	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:02:44.0978 22968	SiSRaid2 - ok
17:02:44.0998 22968	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:02:45.0010 22968	SiSRaid4 - ok
17:02:45.0312 22968	slsvc           (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
17:02:45.0449 22968	slsvc - ok
17:02:45.0613 22968	SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
17:02:45.0656 22968	SLUINotify - ok
17:02:45.0711 22968	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
17:02:45.0750 22968	Smb - ok
17:02:45.0782 22968	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
17:02:45.0814 22968	SNMPTRAP - ok
17:02:45.0952 22968	SPBBCDrv        (cb5a4e90451d80d415f0a6dbb86d1d9f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:02:45.0972 22968	SPBBCDrv - ok
17:02:45.0978 22968	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:02:45.0988 22968	spldr - ok
17:02:46.0029 22968	Spooler         (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
17:02:46.0070 22968	Spooler - ok
17:02:46.0194 22968	SRTSP           (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS
17:02:46.0226 22968	SRTSP - ok
17:02:46.0255 22968	SRTSPX          (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS
17:02:46.0264 22968	SRTSPX - ok
17:02:46.0323 22968	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
17:02:46.0350 22968	srv - ok
17:02:46.0394 22968	srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
17:02:46.0430 22968	srv2 - ok
17:02:46.0468 22968	srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
17:02:46.0491 22968	srvnet - ok
17:02:46.0533 22968	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
17:02:46.0573 22968	SSDPSRV - ok
17:02:46.0603 22968	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
17:02:46.0636 22968	SstpSvc - ok
17:02:46.0696 22968	Steam Client Service - ok
17:02:46.0786 22968	stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
17:02:46.0851 22968	stisvc - ok
17:02:46.0879 22968	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:02:46.0889 22968	swenum - ok
17:02:46.0932 22968	swprv           (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
17:02:46.0973 22968	swprv - ok
17:02:47.0161 22968	Symantec Core LC (fa2f6a8849219b16460bf44f9d1f3aa7) C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
17:02:47.0236 22968	Symantec Core LC - ok
17:02:47.0442 22968	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:02:47.0452 22968	Symc8xx - ok
17:02:47.0562 22968	SymDS           (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1307010.005\SYMDS.SYS
17:02:47.0576 22968	SymDS - ok
17:02:47.0700 22968	SymEFA          (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS
17:02:47.0748 22968	SymEFA - ok
17:02:47.0814 22968	SymEvent        (555fb450fe6908600310e990738b41d6) C:\Windows\system32\Drivers\SYMEVENT.SYS
17:02:47.0825 22968	SymEvent - ok
17:02:47.0888 22968	SymIRON         (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS
17:02:47.0900 22968	SymIRON - ok
17:02:47.0944 22968	SYMTDIv         (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\NIS\1307010.005\SYMTDIV.SYS
17:02:47.0963 22968	SYMTDIv - ok
17:02:47.0991 22968	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:02:48.0001 22968	Sym_hi - ok
17:02:48.0015 22968	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:02:48.0025 22968	Sym_u3 - ok
17:02:48.0056 22968	SynTP           (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
17:02:48.0068 22968	SynTP - ok
17:02:48.0168 22968	SysMain         (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
17:02:48.0214 22968	SysMain - ok
17:02:48.0258 22968	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
17:02:48.0310 22968	TabletInputService - ok
17:02:48.0362 22968	TapiSrv         (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
17:02:48.0391 22968	TapiSrv - ok
17:02:48.0422 22968	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
17:02:48.0458 22968	TBS - ok
17:02:48.0574 22968	Tcpip           (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
17:02:48.0644 22968	Tcpip - ok
17:02:48.0654 22968	Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
17:02:48.0713 22968	Tcpip6 - ok
17:02:48.0744 22968	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
17:02:48.0776 22968	tcpipreg - ok
17:02:48.0808 22968	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:02:48.0831 22968	TDPIPE - ok
17:02:48.0844 22968	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:02:48.0867 22968	TDTCP - ok
17:02:48.0884 22968	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
17:02:48.0921 22968	tdx - ok
17:02:48.0953 22968	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
17:02:48.0963 22968	TermDD - ok
17:02:49.0054 22968	TermService     (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
17:02:49.0095 22968	TermService - ok
17:02:49.0156 22968	Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
17:02:49.0175 22968	Themes - ok
17:02:49.0205 22968	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:02:49.0230 22968	THREADORDER - ok
17:02:49.0249 22968	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
17:02:49.0276 22968	TrkWks - ok
17:02:49.0339 22968	TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
17:02:49.0372 22968	TrustedInstaller - ok
17:02:49.0401 22968	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:49.0424 22968	tssecsrv - ok
17:02:49.0443 22968	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:02:49.0460 22968	tunmp - ok
17:02:49.0480 22968	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
17:02:49.0494 22968	tunnel - ok
17:02:49.0515 22968	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:02:49.0525 22968	uagp35 - ok
17:02:49.0541 22968	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
17:02:49.0549 22968	UBHelper - ok
17:02:49.0581 22968	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
17:02:49.0606 22968	udfs - ok
17:02:49.0640 22968	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
17:02:49.0677 22968	UI0Detect - ok
17:02:49.0699 22968	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:02:49.0709 22968	uliagpkx - ok
17:02:49.0747 22968	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:02:49.0761 22968	uliahci - ok
17:02:49.0777 22968	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:02:49.0789 22968	UlSata - ok
17:02:49.0815 22968	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:02:49.0827 22968	ulsata2 - ok
17:02:49.0847 22968	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:02:49.0879 22968	umbus - ok
17:02:49.0917 22968	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
17:02:49.0947 22968	upnphost - ok
17:02:49.0983 22968	usbccgp         (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:50.0009 22968	usbccgp - ok
17:02:50.0030 22968	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:02:50.0070 22968	usbcir - ok
17:02:50.0106 22968	usbehci         (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
17:02:50.0118 22968	usbehci - ok
17:02:50.0164 22968	usbhub          (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
17:02:50.0198 22968	usbhub - ok
17:02:50.0215 22968	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:02:50.0254 22968	usbohci - ok
17:02:50.0267 22968	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
17:02:50.0305 22968	usbprint - ok
17:02:50.0326 22968	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:02:50.0368 22968	USBSTOR - ok
17:02:50.0402 22968	usbuhci         (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:02:50.0415 22968	usbuhci - ok
17:02:50.0432 22968	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:02:50.0465 22968	usbvideo - ok
17:02:50.0481 22968	usb_rndisx      (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
17:02:50.0504 22968	usb_rndisx - ok
17:02:50.0554 22968	UxSms           (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
17:02:50.0591 22968	UxSms - ok
17:02:50.0642 22968	vds             (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
17:02:50.0676 22968	vds - ok
17:02:50.0697 22968	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:02:50.0739 22968	vga - ok
17:02:50.0744 22968	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:02:50.0767 22968	VgaSave - ok
17:02:50.0784 22968	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:02:50.0794 22968	viaagp - ok
17:02:50.0807 22968	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:02:50.0830 22968	ViaC7 - ok
17:02:50.0838 22968	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:02:50.0848 22968	viaide - ok
17:02:50.0867 22968	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:02:50.0877 22968	volmgr - ok
17:02:50.0908 22968	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
17:02:50.0922 22968	volmgrx - ok
17:02:50.0963 22968	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
17:02:50.0975 22968	volsnap - ok
17:02:51.0000 22968	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:02:51.0012 22968	vsmraid - ok
17:02:51.0159 22968	VSS             (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
17:02:51.0234 22968	VSS - ok
17:02:51.0277 22968	W32Time         (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
17:02:51.0319 22968	W32Time - ok
17:02:51.0374 22968	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:02:51.0422 22968	WacomPen - ok
17:02:51.0443 22968	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:02:51.0474 22968	Wanarp - ok
17:02:51.0477 22968	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:02:51.0497 22968	Wanarpv6 - ok
17:02:51.0584 22968	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
17:02:51.0602 22968	WcesComm - ok
17:02:51.0653 22968	wcncsvc         (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
17:02:51.0679 22968	wcncsvc - ok
17:02:51.0699 22968	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
17:02:51.0737 22968	WcsPlugInService - ok
17:02:51.0760 22968	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:02:51.0769 22968	Wd - ok
17:02:51.0822 22968	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:02:51.0858 22968	Wdf01000 - ok
17:02:51.0895 22968	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:02:51.0935 22968	WdiServiceHost - ok
17:02:51.0947 22968	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
17:02:51.0974 22968	WdiSystemHost - ok
17:02:52.0032 22968	WebClient       (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
17:02:52.0062 22968	WebClient - ok
17:02:52.0106 22968	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
17:02:52.0147 22968	Wecsvc - ok
17:02:52.0176 22968	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
17:02:52.0198 22968	wercplsupport - ok
17:02:52.0233 22968	WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
17:02:52.0268 22968	WerSvc - ok
17:02:52.0290 22968	winbondcir      (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
17:02:52.0335 22968	winbondcir - ok
17:02:52.0420 22968	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
17:02:52.0434 22968	WinDefend - ok
17:02:52.0439 22968	WinHttpAutoProxySvc - ok
17:02:52.0511 22968	Winmgmt         (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
17:02:52.0549 22968	Winmgmt - ok
17:02:52.0696 22968	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
17:02:52.0771 22968	WinRM - ok
17:02:52.0845 22968	WINUSB          (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.SYS
17:02:52.0882 22968	WINUSB - ok
17:02:52.0960 22968	Wlansvc         (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
17:02:53.0050 22968	Wlansvc - ok
17:02:53.0073 22968	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:02:53.0108 22968	WmiAcpi - ok
17:02:53.0199 22968	wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
17:02:53.0235 22968	wmiApSrv - ok
17:02:53.0405 22968	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:02:53.0474 22968	WMPNetworkSvc - ok
17:02:53.0511 22968	WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
17:02:53.0543 22968	WPCSvc - ok
17:02:53.0564 22968	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
17:02:53.0610 22968	WPDBusEnum - ok
17:02:53.0819 22968	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:02:53.0862 22968	WPFFontCache_v0400 - ok
17:02:53.0922 22968	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:02:53.0945 22968	ws2ifsl - ok
17:02:54.0011 22968	wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
17:02:54.0028 22968	wscsvc - ok
17:02:54.0031 22968	WSearch - ok
17:02:54.0244 22968	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
17:02:54.0345 22968	wuauserv - ok
17:02:54.0534 22968	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:02:54.0559 22968	WUDFRd - ok
17:02:54.0588 22968	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
17:02:54.0632 22968	wudfsvc - ok
17:02:54.0682 22968	zebrbus         (c95dd99e29e2d5ae7c1aac26b02a111c) C:\Windows\system32\DRIVERS\zebrbus.sys
17:02:54.0693 22968	zebrbus - ok
17:02:54.0710 22968	zebrmdfl        (78f045074b1a6ad699e76e573b5ea82a) C:\Windows\system32\DRIVERS\zebrmdfl.sys
17:02:54.0720 22968	zebrmdfl - ok
17:02:54.0745 22968	zebrmdm         (636df12276af9ee94a34ded15f620714) C:\Windows\system32\DRIVERS\zebrmdm.sys
17:02:54.0755 22968	zebrmdm - ok
17:02:54.0774 22968	zebrmdmc        (4fd7eb4d3c7bd3550c2e15f0a25fc52f) C:\Windows\system32\DRIVERS\zebrmdmc.sys
17:02:54.0784 22968	zebrmdmc - ok
17:02:54.0875 22968	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
17:02:54.0885 22968	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
17:02:54.0909 22968	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:02:55.0504 22968	\Device\Harddisk0\DR0 - ok
17:02:55.0507 22968	Boot (0x1200)   (13967c48220510faeec4479ea76643ee) \Device\Harddisk0\DR0\Partition0
17:02:55.0508 22968	\Device\Harddisk0\DR0\Partition0 - ok
17:02:55.0536 22968	Boot (0x1200)   (f465bca5e6222842840b311130b9eb34) \Device\Harddisk0\DR0\Partition1
17:02:55.0539 22968	\Device\Harddisk0\DR0\Partition1 - ok
17:02:55.0539 22968	============================================================
17:02:55.0539 22968	Scan finished
17:02:55.0539 22968	============================================================
17:02:55.0548 21924	Detected object count: 9
17:02:55.0548 21924	Actual detected object count: 9
17:03:28.0730 21924	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0730 21924	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0732 21924	CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0732 21924	CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0733 21924	ETService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0734 21924	ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0735 21924	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0735 21924	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0737 21924	IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0737 21924	IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0738 21924	int15 ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0738 21924	int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0740 21924	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0740 21924	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0741 21924	NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0742 21924	NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:03:28.0743 21924	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:28.0743 21924	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:04:54.0002 19304	Deinitialize success

Gruss Chris

cosinus · 24.07.2012, 09:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

christian85 · 24.07.2012, 12:32

Ich musst das Programm leider zweimal laufen lassen,weils beim ersten mal beim log-erstellen abgestürzt ist.

Hier is der zweite log:

Code:

ATTFilter

ComboFix 12-07-25.04 - Chris 24.07.2012  13:07:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1922 [GMT 2:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-24 bis 2012-07-24  ))))))))))))))))))))))))))))))
.
.
2012-07-24 11:14 . 2012-07-24 11:16	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2012-07-24 11:14 . 2012-07-24 11:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-21 14:26 . 2012-07-21 14:26	--------	d-----w-	C:\_OTL
2012-07-18 15:34 . 2012-07-18 15:34	--------	d-----w-	c:\program files\ESET
2012-07-14 14:06 . 2012-07-21 13:46	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-07-14 13:01 . 2012-07-14 13:01	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-07-13 20:41 . 2012-07-13 20:41	--------	d-----w-	c:\users\Chris\AppData\Roaming\Fighters
2012-07-13 20:40 . 2012-07-13 20:40	--------	d-----w-	c:\programdata\Common Toolkit Suite
2012-07-13 20:39 . 2012-07-14 12:50	--------	d-----w-	c:\programdata\Fighters
2012-07-13 19:12 . 2012-07-13 19:12	--------	d-----w-	c:\users\Chris\AppData\Roaming\Malwarebytes
2012-07-13 19:12 . 2012-07-13 19:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-13 18:55 . 2012-07-13 18:55	159608	----a-w-	c:\windows\system32\mfevtps.exe.93de.deleteme
2012-07-13 18:54 . 2012-07-13 19:07	14664	----a-w-	c:\windows\stinger.sys
2012-07-13 18:54 . 2012-07-13 18:54	159608	----a-w-	c:\windows\system32\mfevtps.exe.3da9.deleteme
2012-07-13 18:52 . 2012-07-13 18:52	--------	d-----w-	c:\users\Chris\AppData\Local\Messenger_Plus_Live
2012-07-13 18:52 . 2012-07-13 19:18	--------	d-----w-	c:\program files\stinger
2012-07-11 07:33 . 2012-07-11 07:33	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-07-11 07:33 . 2012-07-11 07:33	--------	d-----w-	c:\program files\Java
2012-07-03 16:07 . 2012-07-03 16:07	--------	d-----w-	c:\users\Chris\AppData\Roaming\Buhl Data Service
2012-07-03 16:07 . 2012-07-03 16:07	--------	d-----w-	c:\users\Chris\AppData\Local\Buhl Data Service
2012-07-03 16:06 . 2012-07-03 16:20	--------	d-----w-	c:\users\Chris\AppData\Local\Buhl
2012-07-03 15:22 . 2012-07-03 16:20	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 19:24 . 2012-05-25 10:20	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-11 19:24 . 2011-05-15 05:28	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 07:33 . 2010-05-05 07:51	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-14 22:19 . 2012-07-14 13:01	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-08 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-21 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-03 3607040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-09-06 115560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-9-12 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-9 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-03 17:06	2972160	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 19:24]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 09:44]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 09:44]
.
2012-07-23 c:\windows\Tasks\Norton SystemWorks - One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-11-05 16:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1ajxtb94.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
AddRemove-Xfire - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-24 13:16
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3968)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\PnkBstrA.exe
d:\neuer ordner\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-24  13:21:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-24 11:21
.
Vor Suchlauf: 30 Verzeichnis(se), 21.972.037.632 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 21.907.677.184 Bytes frei
.
- - End Of File - - 505EE9350AF29AE69026004EB579E59F

Gruss
Chris

cosinus · 24.07.2012, 20:33

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Trojaner Pup.Blabbers

Plagegeister aller Art und deren Bekämpfung: Trojaner Pup.Blabbers