win32/mebroot Trojaner im Arbeitsspeicher

Torch · 22.07.2012, 16:05

Hallo,
also ESET Smart Security hat im Arbeitsspeicher einen Win32/Mebroot Trojaner gefunden. Allerdings kann ich diesen nicht bereinigen.

Hier habe ich die Logfiles:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:48 on 22/07/2012 (Enrico)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

OTL logfile created on: 22.07.2012 11:49:33 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Enrico\Searches\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,22% Memory free
6,18 Gb Paging File | 4,73 Gb Available in Paging File | 76,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 400,58 Gb Free Space | 87,85% Space Free | Partition Type: NTFS
 
Computer Name: ENRICO-PC | User Name: Enrico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.22 09:50:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.05.26 15:26:50 | 000,254,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.05.26 15:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.03.18 10:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009.02.19 05:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 05:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.26 15:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.25 19:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Enrico\AppData\Local\Temp\pxdiypod.sys -- (pxdiypod)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Enrico\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012.03.14 08:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2009.06.22 15:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.17 20:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 19:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKCU\..\SearchScopes,DefaultScope = {9F9E3EC7-2CD1-4716-85EB-968F1A9012CF}
IE - HKCU\..\SearchScopes\{9F9E3EC7-2CD1-4716-85EB-968F1A9012CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 21:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.07.21 10:57:33 | 000,000,000 | ---D | M]
 
[2012.07.20 22:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico\AppData\Roaming\mozilla\Extensions
[2012.07.21 10:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949700C-0D8F-4F09-9BBD-A040D353F97D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 09:50:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
[2012.07.21 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.21 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\ESET
[2012.07.21 10:59:11 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.21 10:52:10 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.07.20 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Mozilla
[2012.07.20 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Mozilla
[2012.07.20 22:14:05 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.07.20 21:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.20 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.20 21:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Users\Enrico\Documents\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.07.20 16:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.07.20 16:13:00 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Documents\Notes
[2012.07.20 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Adobe
[2012.07.20 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
[2012.07.20 15:32:39 | 000,290,248 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.07.20 15:32:39 | 000,129,992 | ---- | C] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll
[2012.07.20 15:32:26 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.07.20 15:32:26 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.07.20 15:32:26 | 000,268,288 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.07.20 15:32:26 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.07.20 15:32:26 | 000,111,104 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.07.20 15:32:26 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.07.20 15:32:26 | 000,091,136 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.07.20 15:32:26 | 000,064,512 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.07.20 15:32:26 | 000,049,152 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.07.20 15:32:26 | 000,015,872 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.07.20 15:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell
[2012.07.20 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Acer ePower Management V4
[2012.07.20 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.07.20 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012.07.20 15:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.07.20 15:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Internet
[2012.07.20 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell MyBackup
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2012.07.20 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2012.07.20 15:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.07.20 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Macromedia
[2012.07.20 15:01:24 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Adobe
[2012.07.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Video Web Camera
[2012.07.20 15:00:49 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Google
[2012.07.20 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\InstallShield
[2012.07.20 14:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.20 14:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.07.20 14:59:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.07.20 14:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.07.20 09:45:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\oem
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\uk-UA
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sl-SI
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sk-SK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lv-LV
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lt-LT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hr-HR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\et-EE
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\bg-BG
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2012.07.20 09:37:28 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2012.07.20 09:36:28 | 000,273,408 | ---- | C] (Wistron Corp.) -- C:\Windows\PLAUNCH.EXE
[2012.07.20 09:36:28 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2012.07.20 09:36:28 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2012.07.20 01:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.20 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.07.20 00:51:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.07.20 00:50:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.07.20 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Google
[2012.07.20 00:07:58 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Searches
[2012.07.20 00:07:58 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.20 00:07:51 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Identities
[2012.07.20 00:07:49 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Contacts
[2012.07.20 00:06:52 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Packard Bell
[2012.07.20 00:06:19 | 000,000,000 | ---D | C] -- C:\Windows\oem
[2012.07.20 00:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.20 00:04:41 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\VirtualStore
[2012.07.20 00:04:37 | 000,000,000 | --SD | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Videos
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Saved Games
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Pictures
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Music
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Links
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Favorites
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Downloads
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Documents
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Vorlagen
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Verlauf
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Temporary Internet Files
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Startmenü
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\SendTo
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Recent
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Netzwerkumgebung
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Lokale Einstellungen
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Videos
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Musik
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Eigene Dateien
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Bilder
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Druckumgebung
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Cookies
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Anwendungsdaten
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Anwendungsdaten
[2012.07.20 00:04:37 | 000,000,000 | -H-D | C] -- C:\Users\Enrico\AppData
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Temp
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Microsoft
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Media Center Programs
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 11:47:14 | 000,000,000 | ---- | M] () -- C:\Users\Enrico\defogger_reenable
[2012.07.22 11:45:25 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.22 11:45:25 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.22 11:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 10:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.07.22 09:50:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
[2012.07.22 09:50:13 | 000,050,477 | ---- | M] () -- C:\Users\Enrico\Searches\Desktop\Defogger.exe
[2012.07.22 08:42:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 08:42:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 01:10:38 | 000,302,592 | ---- | M] () -- C:\Users\Enrico\Searches\Desktop\gjgeywfd.exe
[2012.07.21 10:56:34 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.21 10:56:34 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.21 10:56:34 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.21 10:56:34 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.21 10:52:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.21 10:51:32 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 23:45:09 | 000,300,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.20 21:57:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.07.20 21:40:17 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.20 21:20:49 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.07.20 15:32:42 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012.07.20 15:32:41 | 000,008,172 | ---- | M] () -- C:\Windows\System32\ezdigsgn.dat
[2012.07.20 15:32:26 | 001,381,376 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.07.20 15:32:26 | 000,778,240 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.07.20 15:32:26 | 000,268,288 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.07.20 15:32:26 | 000,215,040 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.07.20 15:32:26 | 000,111,104 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.07.20 15:32:26 | 000,097,792 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.07.20 15:32:26 | 000,091,136 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.07.20 15:32:26 | 000,064,512 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.07.20 15:32:26 | 000,049,152 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.07.20 15:32:26 | 000,015,872 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.07.20 15:18:56 | 000,000,193 | ---- | M] () -- C:\Windows\USER.XML
[2012.07.20 15:17:53 | 000,000,016 | ---- | M] () -- C:\Windows\SetLang.bat
[2012.07.20 15:14:48 | 000,000,206 | ---- | M] () -- C:\Windows\Factory.xml
[2012.07.20 15:14:47 | 000,003,584 | ---- | M] () -- C:\Users\Enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.20 15:04:09 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2012.07.20 15:03:40 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2012.07.20 15:03:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.07.20 09:45:50 | 000,000,181 | RHS- | M] () -- C:\Preload.rev
[2012.07.20 01:01:11 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.07.20 00:07:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\PackardBell_EasyNoteTJ65_N-A_LXBDC0X018933B7FAB2200.MRK
 
========== Files Created - No Company Name ==========
 
[2012.07.22 11:47:14 | 000,000,000 | ---- | C] () -- C:\Users\Enrico\defogger_reenable
[2012.07.22 09:50:12 | 000,050,477 | ---- | C] () -- C:\Users\Enrico\Searches\Desktop\Defogger.exe
[2012.07.22 01:10:35 | 000,302,592 | ---- | C] () -- C:\Users\Enrico\Searches\Desktop\gjgeywfd.exe
[2012.07.20 21:57:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.07.20 21:48:15 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.07.20 21:40:17 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.20 21:40:16 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.20 20:57:02 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.07.20 15:32:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.07.20 15:32:28 | 000,008,172 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2012.07.20 15:14:45 | 000,003,584 | ---- | C] () -- C:\Users\Enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.20 15:04:09 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2012.07.20 15:03:40 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2012.07.20 15:03:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.07.20 15:01:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.07.20 09:45:50 | 000,007,573 | -HS- | C] () -- C:\Patch.rev
[2012.07.20 09:36:46 | 000,010,156 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2012.07.20 09:36:46 | 000,001,407 | ---- | C] () -- C:\Windows\System32\nvhda.nvu
[2012.07.20 09:36:32 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2012.07.20 09:36:28 | 000,000,193 | ---- | C] () -- C:\Windows\USER.XML
[2012.07.20 00:59:14 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.20 00:08:06 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.07.20 00:08:00 | 000,000,951 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.20 00:07:58 | 000,000,946 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.07.20 00:07:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\PackardBell_EasyNoteTJ65_N-A_LXBDC0X018933B7FAB2200.MRK
[2012.07.20 00:07:49 | 000,000,917 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.07.20 00:07:46 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.07.20 00:04:42 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.21 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.20 15:33:42 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
[2012.07.22 10:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.07.21 10:50:36 | 000,014,672 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 22.07.2012 11:49:33 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Enrico\Searches\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,22% Memory free
6,18 Gb Paging File | 4,73 Gb Available in Paging File | 76,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 400,58 Gb Free Space | 87,85% Space Free | Partition Type: NTFS
 
Computer Name: ENRICO-PC | User Name: Enrico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4142781368-3790083805-2454621229-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D85FB4E-21C2-4DE7-A519-44E685FB918D}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{8A7B7522-D73F-47C9-8CEB-7557F23DB616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{954F1335-4CDE-41E9-8B87-1445D6F36FC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C90B0A63-978E-406C-A2E0-CFACE9C13B87}" = ESET Smart Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"SetupMyPC" = SetupMyPC
"StarCraft II" = StarCraft II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updator" = Updator
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 16:52:27 | Computer Name = Enrico-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 18:10:07 | Computer Name = Enrico-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2012 19:20:30 | Computer Name = Enrico-PC | Source = Perflib | ID = 1010
Description = 
 
[ System Events ]
Error - 20.07.2012 09:27:40 | Computer Name = Enrico-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.07.2012 09:27:40 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.07.2012 09:27:40 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.07.2012 14:20:54 | Computer Name = Enrico-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.07.2012 14:21:35 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.07.2012 14:46:51 | Computer Name = Enrico-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 20.07.2012 14:47:09 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.07.2012 14:55:53 | Computer Name = Enrico-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.123.152 für die Netzwerkkarte mit der Netzwerkadresse
 001E657ED0B0 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.07.2012 15:24:54 | Computer Name = Enrico-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.248 für die Netzwerkkarte mit der Netzwerkadresse
 001E657ED0B0 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.07.2012 15:34:31 | Computer Name = Enrico-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.248 für die Netzwerkkarte mit der Netzwerkadresse
 001E657ED0B0 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-22 12:38:37
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1  rev.
Running: gjgeywfd.exe; Driver: C:\Users\Enrico\AppData\Local\Temp\pxdiypod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                 ZwCreateThread [0xA061E7F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                 ZwLoadDriver [0xA061E8B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                 ZwSetSystemInformation [0xA061E870]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                 ZwSystemDebugControl [0xA061E830]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                                  820F8A78 4 Bytes  [F0, E7, 61, A0]
.text           ntkrnlpa.exe!KeSetTimerEx + 5B0                                                                                                                  820F8BD4 4 Bytes  CALL D6182C3A 
.text           ntkrnlpa.exe!KeSetTimerEx + 810                                                                                                                  820F8E34 4 Bytes  [70, E8, 61, A0]
.text           ntkrnlpa.exe!KeSetTimerEx + 84C                                                                                                                  820F8E70 4 Bytes  CALL D81C2ED6 
?               C:\Users\Enrico\AppData\Local\Temp\mbr.sys                                                                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxIndirectParamW                                                         7655BD25 5 Bytes  JMP 6F170F0D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxParamW                                                                 76571FD5 5 Bytes  JMP 6F170E97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxParamA                                                                 765980B2 5 Bytes  JMP 6F170ED2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!DialogBoxIndirectParamA                                                         765983DD 5 Bytes  JMP 6F170F48 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxIndirectA                                                             765AD471 5 Bytes  JMP 6F170E53 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxIndirectW                                                             765AD56B 5 Bytes  JMP 6F170E0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxExA                                                                   765AD5D1 1 Byte  [E9]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxExA                                                                   765AD5D1 5 Bytes  JMP 6F170DD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] USER32.dll!MessageBoxExW                                                                   765AD5F5 5 Bytes  JMP 6F170D9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2988] ole32.dll!OleLoadFromStream                                                                77B29794 5 Bytes  JMP 6F171123 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\ESET\ESET Smart Security\ekrn.exe[3440] kernel32.dll!SetUnhandledExceptionFilter                                                77E86E2D 4 Bytes  [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\disk \Device\Harddisk0\DR0                                                                                                               88D0EA0A

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process         C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** )                                                                                2988                                                                                                      

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                            Whistler@MBR code has been found                                                                           <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                                                            sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7F6UDWUI\httpErrorPagesScripts[1]  0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H7N25U5\info_48[2]                0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H7N25U5\background_gradient[2]    0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL0BW065\bullet[2]                 0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NL0BW065\info_48[3]                0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPGVXYLA\info_48[2]                0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPGVXYLA\background_gradient[2]    0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPGVXYLA\errorPageStrings[1]       0 bytes
File            C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPGVXYLA\ErrorPageTemplate[3]      0 bytes

---- EOF - GMER 1.0.15 ----

Vielen Dank im voraus für eure Hilfe

cosinus · 25.07.2012, 13:34

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Torch · 27.07.2012, 18:38

Habe die Suchläufe gemacht und hat nichts gefunden.

Hier die Logfiles:

Code:

ATTFilter

 nmMalwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Enrico :: ENRICO-PC [limitiert]

Schutz: Aktiviert

27.07.2012 13:41:17
mbam-log-2012-07-27 (13-41-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356582
Laufzeit: 2 Stunde(n), 6 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=20cde3f9c6055845b10f926a794797b5
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 03:35:35
# local_time=2012-07-27 05:35:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 7911 180935848 0 0
# compatibility_mode=8206 39157117 100 88 4 12279112 0 0
# scanned=1876
# found=0
# cleaned=0
# scan_time=215
# nod_component=V3 Build:0x30000000
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=20cde3f9c6055845b10f926a794797b5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-27 05:03:39
# local_time=2012-07-27 07:03:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 8873 180936810 0 0
# compatibility_mode=8206 39157181 100 88 966 12280074 0 0
# scanned=195707
# found=0
# cleaned=0
# scan_time=4536
# nod_component=V3 Build:0x30000000

Aber dennoch meldet mein ESET Smart Security immer folgendes:

"27.07.2012 19:34:49 Prüfung der Systemstartdateien Arbeitsspeicher Arbeitsspeicher Win32/Mebroot Trojaner Fehler beim Säubern Enrico-PC\Enrico"

bzw. Säubern nicht möglich

Mit freundlichen Grüßen, Enrico

cosinus · 27.07.2012, 22:00

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Torch · 30.07.2012, 17:48

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 18:47:31
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Enrico - ENRICO-PC
# Running from : C:\Users\Enrico\Searches\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Enrico\AppData\Roaming\Mozilla\Firefox\Profiles\lh47lsh7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1186 octets] - [30/07/2012 18:41:54]
AdwCleaner[R2].txt - [1246 octets] - [30/07/2012 18:42:33]
AdwCleaner[R3].txt - [1306 octets] - [30/07/2012 18:43:51]
AdwCleaner[R4].txt - [1237 octets] - [30/07/2012 18:47:31]

########## EOF - C:\AdwCleaner[R4].txt - [1365 octets] ##########

cosinus · 30.07.2012, 20:31

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Torch · 31.07.2012, 16:23

Hier ist die Logdatei:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:05:38
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Enrico - ENRICO-PC
# Running from : C:\Users\Enrico\Searches\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Enrico\AppData\Roaming\Mozilla\Firefox\Profiles\lh47lsh7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1186 octets] - [30/07/2012 18:41:54]
AdwCleaner[R2].txt - [1246 octets] - [30/07/2012 18:42:33]
AdwCleaner[R3].txt - [1306 octets] - [30/07/2012 18:43:51]
AdwCleaner[R4].txt - [1366 octets] - [30/07/2012 18:47:31]
AdwCleaner[S1].txt - [1303 octets] - [31/07/2012 17:05:38]

########## EOF - C:\AdwCleaner[S1].txt - [1431 octets] ##########

cosinus · 31.07.2012, 20:18

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Torch · 01.08.2012, 15:26

Hallo,

also der normale Modus funktioniert soweit ich es weiß uneingeschränkt. Bin aber immer als Administrator angemeldet.
Außerdem fällt mir auch nichts ungewöhnliches im Startmenü auf. Alle Ordner unter "alle Programme" beinhalten etwas bis auf der Ordner Startmenü, aber ich glaube das hatte ich extra rausgenommen.

Soweit fehlt dem PC nichts weiter, also aus meiner Sicht könnte es sich auch um eine Fehlmeldung von ESET handeln.

Liebe Grüße

cosinus · 02.08.2012, 12:13

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Torch · 02.08.2012, 17:33

Hallo
habe hier das Logfile

Code:

ATTFilter

OTL logfile created on: 02.08.2012 17:21:10 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Enrico\Searches\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,49% Memory free
6,18 Gb Paging File | 5,23 Gb Available in Paging File | 84,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 323,78 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
 
Computer Name: ENRICO-PC | User Name: Enrico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.02 16:21:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.05.26 15:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 05:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 05:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.26 15:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.25 19:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012.03.14 08:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2009.06.22 15:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.17 20:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 19:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\..\SearchScopes,DefaultScope = {9F9E3EC7-2CD1-4716-85EB-968F1A9012CF}
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\..\SearchScopes\{9F9E3EC7-2CD1-4716-85EB-968F1A9012CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_de
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 21:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.07.21 10:57:33 | 000,000,000 | ---D | M]
 
[2012.07.20 22:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico\AppData\Roaming\mozilla\Extensions
[2012.07.21 10:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A28009ED-7356-40C6-945C-EA4D1F47490C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949700C-0D8F-4F09-9BBD-A040D353F97D}: DhcpNameServer = 192.168.123.100
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 16:21:05 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
[2012.08.02 16:16:48 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.08.01 17:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.08.01 16:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.07.27 20:20:05 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Favorites
[2012.07.26 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Malwarebytes
[2012.07.26 23:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 21:21:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.07.23 21:21:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.07.23 21:21:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.07.22 23:19:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.07.22 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Microsoft Games
[2012.07.22 22:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.07.22 22:41:43 | 000,000,000 | ---D | C] -- C:\Users\Enrico\Logfiles
[2012.07.22 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Nero
[2012.07.22 22:34:51 | 000,000,000 | R--D | C] -- C:\Users\Enrico\My Stuff
[2012.07.21 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.21 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.20 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Mozilla
[2012.07.20 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Mozilla
[2012.07.20 22:14:05 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.07.20 21:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.20 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.20 21:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Users\Enrico\Documents\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.07.20 16:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.07.20 16:13:00 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Documents\Notes
[2012.07.20 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Adobe
[2012.07.20 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
[2012.07.20 15:32:39 | 000,588,472 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.07.20 15:32:39 | 000,129,992 | ---- | C] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll
[2012.07.20 15:32:26 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.07.20 15:32:26 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.07.20 15:32:26 | 000,268,288 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.07.20 15:32:26 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.07.20 15:32:26 | 000,111,104 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.07.20 15:32:26 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.07.20 15:32:26 | 000,091,136 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.07.20 15:32:26 | 000,064,512 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.07.20 15:32:26 | 000,049,152 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.07.20 15:32:26 | 000,015,872 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.07.20 15:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell
[2012.07.20 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Acer ePower Management V4
[2012.07.20 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.07.20 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012.07.20 15:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.07.20 15:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Internet
[2012.07.20 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell MyBackup
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2012.07.20 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2012.07.20 15:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.07.20 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Macromedia
[2012.07.20 15:01:24 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Adobe
[2012.07.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Video Web Camera
[2012.07.20 15:00:49 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Google
[2012.07.20 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\InstallShield
[2012.07.20 14:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.20 14:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.07.20 14:59:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.07.20 14:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.07.20 09:45:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\oem
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\uk-UA
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sl-SI
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sk-SK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lv-LV
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lt-LT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hr-HR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\et-EE
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\bg-BG
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2012.07.20 09:37:28 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2012.07.20 09:36:28 | 000,273,408 | ---- | C] (Wistron Corp.) -- C:\Windows\PLAUNCH.EXE
[2012.07.20 09:36:28 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2012.07.20 09:36:28 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2012.07.20 01:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.20 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.07.20 00:51:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.07.20 00:50:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.07.20 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Google
[2012.07.20 00:07:58 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Searches
[2012.07.20 00:07:58 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.20 00:07:51 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Identities
[2012.07.20 00:07:49 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Contacts
[2012.07.20 00:06:52 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Packard Bell
[2012.07.20 00:06:19 | 000,000,000 | ---D | C] -- C:\Windows\oem
[2012.07.20 00:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.20 00:04:41 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\VirtualStore
[2012.07.20 00:04:37 | 000,000,000 | --SD | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Videos
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Pictures
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Music
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Downloads
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Documents
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Vorlagen
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Verlauf
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Temporary Internet Files
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Startmenü
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\SendTo
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Recent
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Netzwerkumgebung
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Lokale Einstellungen
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Videos
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Musik
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Eigene Dateien
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Bilder
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Druckumgebung
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Cookies
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Anwendungsdaten
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Anwendungsdaten
[2012.07.20 00:04:37 | 000,000,000 | -H-D | C] -- C:\Users\Enrico\AppData
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Temp
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Microsoft
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Media Center Programs
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 17:09:05 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.02 17:09:05 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.02 17:09:04 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.08.02 17:09:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 16:23:13 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.02 16:23:13 | 000,583,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.02 16:23:13 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.02 16:23:13 | 000,097,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 16:21:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
[2012.08.02 16:16:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 16:16:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 16:16:17 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 17:16:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.08.01 16:28:47 | 000,239,946 | ---- | M] () -- C:\Users\Enrico\Documents\I follow River-Trigerfinger.xps
[2012.07.30 18:40:19 | 000,632,049 | ---- | M] () -- C:\Users\Enrico\Searches\Desktop\adwcleaner.exe
[2012.07.28 10:09:22 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.07.27 20:18:26 | 000,300,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.27 19:57:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.07.27 19:57:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.07.27 19:57:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.07.22 22:46:54 | 000,005,632 | ---- | M] () -- C:\Users\Enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 22:46:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.20 21:57:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.07.20 21:40:17 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.20 15:32:42 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012.07.20 15:32:41 | 000,008,172 | ---- | M] () -- C:\Windows\System32\ezdigsgn.dat
[2012.07.20 15:32:26 | 001,381,376 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.07.20 15:32:26 | 000,778,240 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.07.20 15:32:26 | 000,268,288 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.07.20 15:32:26 | 000,215,040 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.07.20 15:32:26 | 000,111,104 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.07.20 15:32:26 | 000,097,792 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.07.20 15:32:26 | 000,091,136 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.07.20 15:32:26 | 000,064,512 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.07.20 15:32:26 | 000,049,152 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.07.20 15:32:26 | 000,015,872 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.07.20 15:18:56 | 000,000,193 | ---- | M] () -- C:\Windows\USER.XML
[2012.07.20 15:17:53 | 000,000,016 | ---- | M] () -- C:\Windows\SetLang.bat
[2012.07.20 15:14:48 | 000,000,206 | ---- | M] () -- C:\Windows\Factory.xml
[2012.07.20 15:03:40 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2012.07.20 15:03:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.07.20 09:45:50 | 000,000,181 | RHS- | M] () -- C:\Preload.rev
[2012.07.20 01:01:11 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.07.20 00:07:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\PackardBell_EasyNoteTJ65_N-A_LXBDC0X018933B7FAB2200.MRK
 
========== Files Created - No Company Name ==========
 
[2012.08.01 16:28:45 | 000,239,946 | ---- | C] () -- C:\Users\Enrico\Documents\I follow River-Trigerfinger.xps
[2012.07.30 18:40:07 | 000,632,049 | ---- | C] () -- C:\Users\Enrico\Searches\Desktop\adwcleaner.exe
[2012.07.27 19:57:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.07.22 23:17:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.07.22 23:17:41 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.07.22 23:17:39 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.07.22 23:17:39 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.07.22 23:17:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.07.22 23:17:34 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.07.22 23:17:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.07.22 23:17:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.07.22 23:17:18 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.07.22 23:17:18 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.07.20 21:57:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.07.20 21:48:15 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.07.20 21:40:17 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.20 21:40:16 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.20 20:57:02 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.07.20 15:32:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.07.20 15:32:28 | 000,008,172 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2012.07.20 15:14:45 | 000,005,632 | ---- | C] () -- C:\Users\Enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.20 15:03:40 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2012.07.20 15:03:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.07.20 15:01:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.07.20 09:45:50 | 000,007,573 | -HS- | C] () -- C:\Patch.rev
[2012.07.20 09:36:46 | 000,010,156 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2012.07.20 09:36:46 | 000,001,407 | ---- | C] () -- C:\Windows\System32\nvhda.nvu
[2012.07.20 09:36:32 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2012.07.20 09:36:28 | 000,000,193 | ---- | C] () -- C:\Windows\USER.XML
[2012.07.20 00:59:14 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.20 00:08:06 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.07.20 00:08:00 | 000,000,951 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.20 00:07:58 | 000,000,946 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.07.20 00:07:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\PackardBell_EasyNoteTJ65_N-A_LXBDC0X018933B7FAB2200.MRK
[2012.07.20 00:07:49 | 000,000,917 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.07.20 00:07:46 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.07.20 00:04:42 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.21 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.20 15:33:42 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
[2012.08.02 17:09:04 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.08.01 18:14:40 | 000,023,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.27 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Adobe
[2012.07.21 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.20 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Google
[2012.07.20 00:07:51 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Identities
[2012.07.20 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\InstallShield
[2012.07.20 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Macromedia
[2012.07.26 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Media Center Programs
[2012.07.31 20:52:26 | 000,000,000 | --SD | M] -- C:\Users\Enrico\AppData\Roaming\Microsoft
[2012.07.20 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Mozilla
[2012.07.22 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Nero
[2012.07.20 15:33:42 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dhcpcsvc6.dll
[2008.01.21 04:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\winnsi.dll

< End of report >

Danke nochmal für die Hilfe

Hallo,
ich habe das Logfile eigentlich schon mal reingestellt, aber es erscheint irgendwie nicht.

Code:

ATTFilter

OTL logfile created on: 02.08.2012 17:21:10 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Enrico\Searches\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,49% Memory free
6,18 Gb Paging File | 5,23 Gb Available in Paging File | 84,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 323,78 Gb Free Space | 71,01% Space Free | Partition Type: NTFS
 
Computer Name: ENRICO-PC | User Name: Enrico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.02 16:21:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Smart Security\egui.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.05.26 15:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 05:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 05:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.26 15:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.25 19:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012.03.14 08:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2009.06.22 15:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.17 20:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.12.29 19:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0712&m=easynote_tj65
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\..\SearchScopes,DefaultScope = {9F9E3EC7-2CD1-4716-85EB-968F1A9012CF}
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\..\SearchScopes\{9F9E3EC7-2CD1-4716-85EB-968F1A9012CF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_de
IE - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 21:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.07.21 10:57:33 | 000,000,000 | ---D | M]
 
[2012.07.20 22:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico\AppData\Roaming\mozilla\Extensions
[2012.07.21 10:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4142781368-3790083805-2454621229-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A28009ED-7356-40C6-945C-EA4D1F47490C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C949700C-0D8F-4F09-9BBD-A040D353F97D}: DhcpNameServer = 192.168.123.100
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 16:21:05 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
[2012.08.02 16:16:48 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.08.01 17:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.08.01 16:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.07.27 20:20:05 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Favorites
[2012.07.26 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Malwarebytes
[2012.07.26 23:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 21:21:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.07.23 21:21:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.07.23 21:21:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.07.22 23:19:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.07.22 22:55:56 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Microsoft Games
[2012.07.22 22:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.07.22 22:41:43 | 000,000,000 | ---D | C] -- C:\Users\Enrico\Logfiles
[2012.07.22 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Nero
[2012.07.22 22:34:51 | 000,000,000 | R--D | C] -- C:\Users\Enrico\My Stuff
[2012.07.21 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.21 11:08:32 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.07.21 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.20 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Mozilla
[2012.07.20 22:25:21 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Mozilla
[2012.07.20 22:14:05 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.07.20 21:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.20 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.20 21:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Users\Enrico\Documents\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.07.20 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.07.20 16:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.07.20 16:13:00 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Documents\Notes
[2012.07.20 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Adobe
[2012.07.20 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
[2012.07.20 15:32:39 | 000,588,472 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.07.20 15:32:39 | 000,129,992 | ---- | C] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll
[2012.07.20 15:32:26 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.07.20 15:32:26 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.07.20 15:32:26 | 000,268,288 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.07.20 15:32:26 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.07.20 15:32:26 | 000,111,104 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.07.20 15:32:26 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.07.20 15:32:26 | 000,091,136 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.07.20 15:32:26 | 000,064,512 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.07.20 15:32:26 | 000,049,152 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.07.20 15:32:26 | 000,015,872 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.07.20 15:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell
[2012.07.20 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Acer ePower Management V4
[2012.07.20 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012.07.20 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012.07.20 15:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.07.20 15:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Internet
[2012.07.20 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell MyBackup
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2012.07.20 15:10:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2012.07.20 15:10:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2012.07.20 15:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2012.07.20 15:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.07.20 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Macromedia
[2012.07.20 15:01:24 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Adobe
[2012.07.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Video Web Camera
[2012.07.20 15:00:49 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Google
[2012.07.20 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\InstallShield
[2012.07.20 14:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.20 14:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.07.20 14:59:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.07.20 14:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.07.20 09:45:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\oem
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\uk-UA
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sl-SI
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sk-SK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lv-LV
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lt-LT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hr-HR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\et-EE
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\bg-BG
[2012.07.20 09:43:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2012.07.20 09:37:28 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2012.07.20 09:36:28 | 000,273,408 | ---- | C] (Wistron Corp.) -- C:\Windows\PLAUNCH.EXE
[2012.07.20 09:36:28 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2012.07.20 09:36:28 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2012.07.20 01:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.20 00:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.07.20 00:51:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.07.20 00:50:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.07.20 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Google
[2012.07.20 00:07:58 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Searches
[2012.07.20 00:07:58 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.20 00:07:51 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Identities
[2012.07.20 00:07:49 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Contacts
[2012.07.20 00:06:52 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Packard Bell
[2012.07.20 00:06:19 | 000,000,000 | ---D | C] -- C:\Windows\oem
[2012.07.20 00:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.07.20 00:04:41 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\VirtualStore
[2012.07.20 00:04:37 | 000,000,000 | --SD | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Videos
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Pictures
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Music
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Downloads
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\Documents
[2012.07.20 00:04:37 | 000,000,000 | R--D | C] -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Vorlagen
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Verlauf
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Temporary Internet Files
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Startmenü
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\SendTo
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Recent
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Netzwerkumgebung
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Lokale Einstellungen
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Videos
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Musik
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Eigene Dateien
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Documents\Eigene Bilder
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Druckumgebung
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Cookies
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\AppData\Local\Anwendungsdaten
[2012.07.20 00:04:37 | 000,000,000 | -HSD | C] -- C:\Users\Enrico\Anwendungsdaten
[2012.07.20 00:04:37 | 000,000,000 | -H-D | C] -- C:\Users\Enrico\AppData
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Temp
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Local\Microsoft
[2012.07.20 00:04:37 | 000,000,000 | ---D | C] -- C:\Users\Enrico\AppData\Roaming\Media Center Programs
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.07.20 00:04:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 17:09:05 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.02 17:09:05 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.02 17:09:04 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.08.02 17:09:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 16:23:13 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.02 16:23:13 | 000,583,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.02 16:23:13 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.02 16:23:13 | 000,097,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 16:21:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico\Searches\Desktop\OTL.exe
[2012.08.02 16:16:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 16:16:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 16:16:17 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.01 17:16:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.08.01 16:28:47 | 000,239,946 | ---- | M] () -- C:\Users\Enrico\Documents\I follow River-Trigerfinger.xps
[2012.07.30 18:40:19 | 000,632,049 | ---- | M] () -- C:\Users\Enrico\Searches\Desktop\adwcleaner.exe
[2012.07.28 10:09:22 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.07.27 20:18:26 | 000,300,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.27 19:57:42 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.07.27 19:57:42 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.07.27 19:57:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.07.22 22:46:54 | 000,005,632 | ---- | M] () -- C:\Users\Enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.22 22:46:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.20 21:57:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.07.20 21:40:17 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.20 15:32:42 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012.07.20 15:32:41 | 000,008,172 | ---- | M] () -- C:\Windows\System32\ezdigsgn.dat
[2012.07.20 15:32:26 | 001,381,376 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.07.20 15:32:26 | 000,778,240 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.07.20 15:32:26 | 000,268,288 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.07.20 15:32:26 | 000,215,040 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.07.20 15:32:26 | 000,111,104 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.07.20 15:32:26 | 000,097,792 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.07.20 15:32:26 | 000,091,136 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.07.20 15:32:26 | 000,064,512 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.07.20 15:32:26 | 000,049,152 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.07.20 15:32:26 | 000,015,872 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.07.20 15:18:56 | 000,000,193 | ---- | M] () -- C:\Windows\USER.XML
[2012.07.20 15:17:53 | 000,000,016 | ---- | M] () -- C:\Windows\SetLang.bat
[2012.07.20 15:14:48 | 000,000,206 | ---- | M] () -- C:\Windows\Factory.xml
[2012.07.20 15:03:40 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2012.07.20 15:03:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.07.20 09:45:50 | 000,000,181 | RHS- | M] () -- C:\Preload.rev
[2012.07.20 01:01:11 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.07.20 00:07:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\PackardBell_EasyNoteTJ65_N-A_LXBDC0X018933B7FAB2200.MRK
 
========== Files Created - No Company Name ==========
 
[2012.08.01 16:28:45 | 000,239,946 | ---- | C] () -- C:\Users\Enrico\Documents\I follow River-Trigerfinger.xps
[2012.07.30 18:40:07 | 000,632,049 | ---- | C] () -- C:\Users\Enrico\Searches\Desktop\adwcleaner.exe
[2012.07.27 19:57:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.07.22 23:17:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.07.22 23:17:41 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.07.22 23:17:39 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.07.22 23:17:39 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.07.22 23:17:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.07.22 23:17:34 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.07.22 23:17:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.07.22 23:17:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.07.22 23:17:18 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.07.22 23:17:18 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.07.20 21:57:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.07.20 21:48:15 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.07.20 21:40:17 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.20 21:40:16 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.20 20:57:02 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.07.20 15:32:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.07.20 15:32:28 | 000,008,172 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2012.07.20 15:14:45 | 000,005,632 | ---- | C] () -- C:\Users\Enrico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.20 15:03:40 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2012.07.20 15:03:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.07.20 15:01:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.07.20 09:45:50 | 000,007,573 | -HS- | C] () -- C:\Patch.rev
[2012.07.20 09:36:46 | 000,010,156 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2012.07.20 09:36:46 | 000,001,407 | ---- | C] () -- C:\Windows\System32\nvhda.nvu
[2012.07.20 09:36:32 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2012.07.20 09:36:28 | 000,000,193 | ---- | C] () -- C:\Windows\USER.XML
[2012.07.20 00:59:14 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.20 00:08:06 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.07.20 00:08:00 | 000,000,951 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.20 00:07:58 | 000,000,946 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.07.20 00:07:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\PackardBell_EasyNoteTJ65_N-A_LXBDC0X018933B7FAB2200.MRK
[2012.07.20 00:07:49 | 000,000,917 | ---- | C] () -- C:\Users\Enrico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.07.20 00:07:46 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.07.20 00:04:42 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.21 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.20 15:33:42 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
[2012.08.02 17:09:04 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Customer Registration Reminder - Enrico.job
[2012.08.01 18:14:40 | 000,023,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.27 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Adobe
[2012.07.21 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\ESET
[2012.07.20 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Google
[2012.07.20 00:07:51 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Identities
[2012.07.20 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\InstallShield
[2012.07.20 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Macromedia
[2012.07.26 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Media Center Programs
[2012.07.31 20:52:26 | 000,000,000 | --SD | M] -- C:\Users\Enrico\AppData\Roaming\Microsoft
[2012.07.20 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Mozilla
[2012.07.22 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Nero
[2012.07.20 15:33:42 | 000,000,000 | ---D | M] -- C:\Users\Enrico\AppData\Roaming\Packard Bell
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dhcpcsvc6.dll
[2008.01.21 04:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\winnsi.dll

< End of report >

cosinus · 03.08.2012, 15:43

Ist ziemlich unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Torch · 05.08.2012, 13:41

Hey,
also diesmal hat er zumindestens etwas gefunden. Hier das Log:

Code:

ATTFilter

11:29:28.0458 1144	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:29:28.0474 1144	============================================================
11:29:28.0474 1144	Current date / time: 2012/08/05 11:29:28.0474
11:29:28.0474 1144	SystemInfo:
11:29:28.0474 1144	
11:29:28.0474 1144	OS Version: 6.0.6002 ServicePack: 2.0
11:29:28.0474 1144	Product type: Workstation
11:29:28.0474 1144	ComputerName: ENRICO-PC
11:29:28.0474 1144	UserName: Enrico
11:29:28.0474 1144	Windows directory: C:\Windows
11:29:28.0474 1144	System windows directory: C:\Windows
11:29:28.0474 1144	Processor architecture: Intel x86
11:29:28.0474 1144	Number of processors: 2
11:29:28.0474 1144	Page size: 0x1000
11:29:28.0474 1144	Boot type: Normal boot
11:29:28.0474 1144	============================================================
11:29:29.0020 1144	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:29:29.0020 1144	============================================================
11:29:29.0020 1144	\Device\Harddisk0\DR0:
11:29:29.0020 1144	MBR partitions:
11:29:29.0020 1144	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
11:29:29.0020 1144	============================================================
11:29:29.0051 1144	C: <-> \Device\Harddisk0\DR0\Partition0
11:29:29.0051 1144	============================================================
11:29:29.0051 1144	Initialize success
11:29:29.0051 1144	============================================================
11:30:42.0052 4488	============================================================
11:30:42.0052 4488	Scan started
11:30:42.0052 4488	Mode: Manual; SigCheck; TDLFS; 
11:30:42.0052 4488	============================================================
11:30:43.0799 4488	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:30:43.0893 4488	ACPI - ok
11:30:43.0986 4488	AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
11:30:43.0986 4488	AdobeActiveFileMonitor6.0 - ok
11:30:44.0064 4488	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:30:44.0096 4488	adp94xx - ok
11:30:44.0127 4488	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:30:44.0142 4488	adpahci - ok
11:30:44.0158 4488	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:30:44.0174 4488	adpu160m - ok
11:30:44.0220 4488	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:30:44.0236 4488	adpu320 - ok
11:30:44.0298 4488	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:30:44.0439 4488	AeLookupSvc - ok
11:30:44.0548 4488	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:30:44.0626 4488	AFD - ok
11:30:44.0688 4488	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:30:44.0704 4488	agp440 - ok
11:30:44.0735 4488	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:30:44.0766 4488	aic78xx - ok
11:30:44.0798 4488	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:30:44.0954 4488	ALG - ok
11:30:45.0000 4488	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:30:45.0000 4488	aliide - ok
11:30:45.0063 4488	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:30:45.0078 4488	amdagp - ok
11:30:45.0110 4488	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:30:45.0125 4488	amdide - ok
11:30:45.0188 4488	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:30:45.0219 4488	AmdK7 - ok
11:30:45.0250 4488	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:30:45.0281 4488	AmdK8 - ok
11:30:45.0375 4488	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:30:45.0406 4488	Appinfo - ok
11:30:45.0437 4488	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:30:45.0453 4488	arc - ok
11:30:45.0515 4488	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:30:45.0531 4488	arcsas - ok
11:30:45.0578 4488	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:45.0609 4488	AsyncMac - ok
11:30:45.0640 4488	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:30:45.0656 4488	atapi - ok
11:30:45.0718 4488	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:30:45.0749 4488	AudioEndpointBuilder - ok
11:30:45.0749 4488	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:30:45.0765 4488	Audiosrv - ok
11:30:45.0843 4488	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:30:45.0890 4488	b57nd60x - ok
11:30:45.0936 4488	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:30:45.0983 4488	Beep - ok
11:30:46.0046 4488	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
11:30:46.0077 4488	BFE - ok
11:30:46.0170 4488	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
11:30:46.0217 4488	BITS - ok
11:30:46.0233 4488	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:30:46.0264 4488	blbdrive - ok
11:30:46.0295 4488	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:30:46.0326 4488	bowser - ok
11:30:46.0373 4488	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:30:46.0404 4488	BrFiltLo - ok
11:30:46.0420 4488	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:30:46.0436 4488	BrFiltUp - ok
11:30:46.0467 4488	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:30:46.0529 4488	Browser - ok
11:30:46.0638 4488	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:30:47.0309 4488	Brserid - ok
11:30:47.0372 4488	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:30:47.0434 4488	BrSerWdm - ok
11:30:47.0465 4488	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:30:47.0528 4488	BrUsbMdm - ok
11:30:47.0528 4488	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:30:47.0574 4488	BrUsbSer - ok
11:30:47.0621 4488	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:30:47.0684 4488	BTHMODEM - ok
11:30:47.0762 4488	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:30:47.0793 4488	cdfs - ok
11:30:47.0824 4488	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:30:47.0855 4488	cdrom - ok
11:30:47.0918 4488	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:30:47.0964 4488	CertPropSvc - ok
11:30:47.0980 4488	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:30:48.0011 4488	circlass - ok
11:30:48.0058 4488	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:30:48.0089 4488	CLFS - ok
11:30:48.0167 4488	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:48.0183 4488	clr_optimization_v2.0.50727_32 - ok
11:30:48.0245 4488	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:30:48.0276 4488	CmBatt - ok
11:30:48.0292 4488	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:30:48.0308 4488	cmdide - ok
11:30:48.0370 4488	CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
11:30:48.0401 4488	CnxtHdAudService - ok
11:30:48.0432 4488	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:30:48.0448 4488	Compbatt - ok
11:30:48.0448 4488	COMSysApp - ok
11:30:48.0448 4488	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:30:48.0464 4488	crcdisk - ok
11:30:48.0479 4488	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:30:48.0510 4488	Crusoe - ok
11:30:48.0573 4488	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
11:30:48.0604 4488	CryptSvc - ok
11:30:48.0713 4488	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:30:48.0791 4488	DcomLaunch - ok
11:30:48.0807 4488	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:30:48.0838 4488	DfsC - ok
11:30:48.0994 4488	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
11:30:49.0103 4488	DFSR - ok
11:30:49.0259 4488	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
11:30:49.0290 4488	Dhcp - ok
11:30:49.0322 4488	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:30:49.0337 4488	disk - ok
11:30:49.0384 4488	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
11:30:49.0400 4488	DKbFltr - ok
11:30:49.0446 4488	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
11:30:49.0493 4488	Dnscache - ok
11:30:49.0524 4488	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
11:30:49.0571 4488	dot3svc - ok
11:30:49.0587 4488	Scan interrupted by user!
11:30:49.0587 4488	Scan interrupted by user!
11:30:49.0587 4488	Scan interrupted by user!
11:30:49.0587 4488	============================================================
11:30:49.0587 4488	Scan finished
11:30:49.0587 4488	============================================================
11:30:49.0602 0984	Detected object count: 0
11:30:49.0602 0984	Actual detected object count: 0
11:30:53.0112 5988	============================================================
11:30:53.0112 5988	Scan started
11:30:53.0112 5988	Mode: Manual; SigCheck; TDLFS; 
11:30:53.0112 5988	============================================================
11:30:53.0456 5988	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:30:53.0487 5988	ACPI - ok
11:30:53.0565 5988	AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
11:30:53.0565 5988	AdobeActiveFileMonitor6.0 - ok
11:30:53.0612 5988	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:30:53.0627 5988	adp94xx - ok
11:30:53.0643 5988	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:30:53.0658 5988	adpahci - ok
11:30:53.0690 5988	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:30:53.0690 5988	adpu160m - ok
11:30:53.0721 5988	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:30:53.0736 5988	adpu320 - ok
11:30:53.0768 5988	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:30:53.0783 5988	AeLookupSvc - ok
11:30:53.0814 5988	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:30:53.0830 5988	AFD - ok
11:30:53.0846 5988	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:30:53.0861 5988	agp440 - ok
11:30:53.0892 5988	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:30:53.0908 5988	aic78xx - ok
11:30:53.0939 5988	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:30:53.0955 5988	ALG - ok
11:30:53.0970 5988	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:30:53.0986 5988	aliide - ok
11:30:54.0017 5988	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:30:54.0017 5988	amdagp - ok
11:30:54.0048 5988	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:30:54.0064 5988	amdide - ok
11:30:54.0095 5988	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:30:54.0111 5988	AmdK7 - ok
11:30:54.0126 5988	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:30:54.0158 5988	AmdK8 - ok
11:30:54.0173 5988	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:30:54.0189 5988	Appinfo - ok
11:30:54.0204 5988	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:30:54.0220 5988	arc - ok
11:30:54.0236 5988	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:30:54.0251 5988	arcsas - ok
11:30:54.0251 5988	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:54.0267 5988	AsyncMac - ok
11:30:54.0298 5988	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:30:54.0314 5988	atapi - ok
11:30:54.0345 5988	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:30:54.0360 5988	AudioEndpointBuilder - ok
11:30:54.0376 5988	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:30:54.0392 5988	Audiosrv - ok
11:30:54.0392 5988	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:30:54.0423 5988	b57nd60x - ok
11:30:54.0438 5988	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:30:54.0454 5988	Beep - ok
11:30:54.0501 5988	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
11:30:54.0532 5988	BFE - ok
11:30:54.0563 5988	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
11:30:54.0594 5988	BITS - ok
11:30:54.0626 5988	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:30:54.0641 5988	blbdrive - ok
11:30:54.0672 5988	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:30:54.0672 5988	bowser - ok
11:30:54.0704 5988	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:30:54.0719 5988	BrFiltLo - ok
11:30:54.0735 5988	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:30:54.0750 5988	BrFiltUp - ok
11:30:54.0782 5988	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:30:54.0797 5988	Browser - ok
11:30:54.0813 5988	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:30:54.0860 5988	Brserid - ok
11:30:54.0860 5988	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:30:54.0906 5988	BrSerWdm - ok
11:30:54.0922 5988	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:30:54.0969 5988	BrUsbMdm - ok
11:30:54.0969 5988	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:30:55.0016 5988	BrUsbSer - ok
11:30:55.0031 5988	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:30:55.0062 5988	BTHMODEM - ok
11:30:55.0078 5988	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:30:55.0094 5988	cdfs - ok
11:30:55.0125 5988	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:30:55.0140 5988	cdrom - ok
11:30:55.0156 5988	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:30:55.0187 5988	CertPropSvc - ok
11:30:55.0187 5988	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:30:55.0218 5988	circlass - ok
11:30:55.0250 5988	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:30:55.0265 5988	CLFS - ok
11:30:55.0343 5988	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:55.0359 5988	clr_optimization_v2.0.50727_32 - ok
11:30:55.0421 5988	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:30:55.0437 5988	CmBatt - ok
11:30:55.0452 5988	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:30:55.0468 5988	cmdide - ok
11:30:55.0499 5988	CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
11:30:55.0515 5988	CnxtHdAudService - ok
11:30:55.0530 5988	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:30:55.0546 5988	Compbatt - ok
11:30:55.0546 5988	COMSysApp - ok
11:30:55.0546 5988	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:30:55.0562 5988	crcdisk - ok
11:30:55.0577 5988	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:30:55.0608 5988	Crusoe - ok
11:30:55.0655 5988	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
11:30:55.0671 5988	CryptSvc - ok
11:30:55.0733 5988	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:30:55.0764 5988	DcomLaunch - ok
11:30:55.0796 5988	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:30:55.0796 5988	DfsC - ok
11:30:55.0889 5988	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
11:30:55.0936 5988	DFSR - ok
11:30:56.0014 5988	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
11:30:56.0030 5988	Dhcp - ok
11:30:56.0061 5988	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:30:56.0076 5988	disk - ok
11:30:56.0092 5988	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
11:30:56.0108 5988	DKbFltr - ok
11:30:56.0123 5988	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
11:30:56.0139 5988	Dnscache - ok
11:30:56.0154 5988	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
11:30:56.0186 5988	dot3svc - ok
11:30:56.0217 5988	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:30:56.0264 5988	DPS - ok
11:30:56.0310 5988	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:30:56.0342 5988	drmkaud - ok
11:30:56.0451 5988	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:30:56.0482 5988	DXGKrnl - ok
11:30:56.0560 5988	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:30:56.0607 5988	E1G60 - ok
11:30:56.0654 5988	eamonm          (8a45015e85a4dce0086b9973f0fd9a20) C:\Windows\system32\DRIVERS\eamonm.sys
11:30:56.0669 5988	eamonm - ok
11:30:56.0700 5988	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:30:56.0747 5988	EapHost - ok
11:30:56.0810 5988	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:30:56.0825 5988	Ecache - ok
11:30:56.0903 5988	ehdrv           (5412ed24fffca64e2f0168399b86c952) C:\Windows\system32\DRIVERS\ehdrv.sys
11:30:56.0919 5988	ehdrv - ok
11:30:56.0966 5988	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
11:30:57.0012 5988	ehRecvr - ok
11:30:57.0044 5988	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
11:30:57.0075 5988	ehSched - ok
11:30:57.0075 5988	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
11:30:57.0106 5988	ehstart - ok
11:30:57.0200 5988	ekrn            (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
11:30:57.0231 5988	ekrn - ok
11:30:57.0402 5988	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:30:57.0434 5988	elxstor - ok
11:30:57.0512 5988	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
11:30:57.0605 5988	EMDMgmt - ok
11:30:57.0668 5988	epfw            (774babcb1144513dc86992003740b774) C:\Windows\system32\DRIVERS\epfw.sys
11:30:57.0683 5988	epfw - ok
11:30:57.0699 5988	EpfwLWF         (2c22cc39309ee06ae870c183bf2a769d) C:\Windows\system32\DRIVERS\EpfwLWF.sys
11:30:57.0714 5988	EpfwLWF - ok
11:30:57.0730 5988	epfwwfp         (2b4e5f01a4e786b422f4d617b51fa7d9) C:\Windows\system32\DRIVERS\epfwwfp.sys
11:30:57.0746 5988	epfwwfp - ok
11:30:57.0917 5988	ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
11:30:57.0948 5988	ePowerSvc - ok
11:30:58.0011 5988	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:30:58.0042 5988	ErrDev - ok
11:30:58.0089 5988	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
11:30:58.0136 5988	EventSystem - ok
11:30:58.0198 5988	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:30:58.0245 5988	exfat - ok
11:30:58.0307 5988	ezSharedSvc     (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
11:30:58.0323 5988	ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
11:30:58.0323 5988	ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
11:30:58.0354 5988	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:30:58.0416 5988	fastfat - ok
11:30:58.0432 5988	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:30:58.0479 5988	fdc - ok
11:30:58.0494 5988	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:30:58.0526 5988	fdPHost - ok
11:30:58.0526 5988	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:30:58.0588 5988	FDResPub - ok
11:30:58.0604 5988	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:30:58.0619 5988	FileInfo - ok
11:30:58.0650 5988	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:30:58.0666 5988	Filetrace - ok
11:30:58.0822 5988	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:30:58.0869 5988	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:30:58.0869 5988	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:30:58.0884 5988	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:30:58.0916 5988	flpydisk - ok
11:30:58.0947 5988	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:30:58.0962 5988	FltMgr - ok
11:30:59.0072 5988	FontCache       (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
11:30:59.0196 5988	FontCache - ok
11:30:59.0306 5988	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:30:59.0321 5988	FontCache3.0.0.0 - ok
11:30:59.0384 5988	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
11:30:59.0415 5988	Fs_Rec - ok
11:30:59.0446 5988	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:30:59.0462 5988	gagp30kx - ok
11:30:59.0524 5988	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
11:30:59.0571 5988	gpsvc - ok
11:30:59.0649 5988	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:30:59.0727 5988	HdAudAddService - ok
11:30:59.0789 5988	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:30:59.0836 5988	HDAudBus - ok
11:30:59.0852 5988	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:30:59.0930 5988	HidBth - ok
11:30:59.0945 5988	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:30:59.0992 5988	HidIr - ok
11:31:00.0008 5988	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
11:31:00.0054 5988	hidserv - ok
11:31:00.0086 5988	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:31:00.0101 5988	HidUsb - ok
11:31:00.0132 5988	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:31:00.0164 5988	hkmsvc - ok
11:31:00.0179 5988	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:31:00.0195 5988	HpCISSs - ok
11:31:00.0257 5988	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:31:00.0288 5988	HSFHWAZL - ok
11:31:00.0351 5988	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:31:00.0413 5988	HSF_DPV - ok
11:31:00.0460 5988	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:31:00.0507 5988	HTTP - ok
11:31:00.0569 5988	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:31:00.0569 5988	i2omp - ok
11:31:00.0632 5988	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:31:00.0663 5988	i8042prt - ok
11:31:00.0710 5988	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
11:31:00.0725 5988	iaStor - ok
11:31:00.0741 5988	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:31:00.0756 5988	iaStorV - ok
11:31:00.0866 5988	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:31:00.0881 5988	idsvc - ok
11:31:00.0928 5988	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:31:00.0928 5988	iirsp - ok
11:31:00.0975 5988	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
11:31:01.0006 5988	IKEEXT - ok
11:31:01.0100 5988	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:31:01.0100 5988	intelide - ok
11:31:01.0131 5988	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:31:01.0162 5988	intelppm - ok
11:31:01.0178 5988	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:31:01.0224 5988	IPBusEnum - ok
11:31:01.0240 5988	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:31:01.0287 5988	IpFilterDriver - ok
11:31:01.0302 5988	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
11:31:01.0349 5988	iphlpsvc - ok
11:31:01.0349 5988	IpInIp - ok
11:31:01.0380 5988	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:31:01.0396 5988	IPMIDRV - ok
11:31:01.0396 5988	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:31:01.0427 5988	IPNAT - ok
11:31:01.0490 5988	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
11:31:01.0505 5988	irda - ok
11:31:01.0536 5988	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:31:01.0552 5988	IRENUM - ok
11:31:01.0583 5988	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
11:31:01.0630 5988	Irmon - ok
11:31:01.0661 5988	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:31:01.0677 5988	isapnp - ok
11:31:01.0724 5988	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:31:01.0739 5988	iScsiPrt - ok
11:31:01.0755 5988	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:31:01.0755 5988	iteatapi - ok
11:31:01.0770 5988	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:31:01.0786 5988	iteraid - ok
11:31:01.0848 5988	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
11:31:01.0895 5988	k57nd60x - ok
11:31:01.0895 5988	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:31:01.0911 5988	kbdclass - ok
11:31:01.0926 5988	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
11:31:01.0958 5988	kbdhid - ok
11:31:02.0004 5988	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:31:02.0051 5988	KeyIso - ok
11:31:02.0067 5988	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
11:31:02.0098 5988	KSecDD - ok
11:31:02.0160 5988	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:31:02.0223 5988	KtmRm - ok
11:31:02.0285 5988	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
11:31:02.0348 5988	LanmanServer - ok
11:31:02.0410 5988	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
11:31:02.0441 5988	LanmanWorkstation - ok
11:31:02.0472 5988	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:31:02.0504 5988	lltdio - ok
11:31:02.0566 5988	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
11:31:02.0691 5988	lltdsvc - ok
11:31:02.0706 5988	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
11:31:02.0738 5988	lmhosts - ok
11:31:02.0753 5988	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:31:02.0769 5988	LSI_FC - ok
11:31:02.0784 5988	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:31:02.0784 5988	LSI_SAS - ok
11:31:02.0831 5988	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:31:02.0847 5988	LSI_SCSI - ok
11:31:02.0862 5988	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:31:02.0909 5988	luafv - ok
11:31:02.0925 5988	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
11:31:02.0956 5988	Mcx2Svc - ok
11:31:03.0003 5988	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:31:03.0003 5988	megasas - ok
11:31:03.0034 5988	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:31:03.0081 5988	MegaSR - ok
11:31:03.0112 5988	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:31:03.0174 5988	MMCSS - ok
11:31:03.0190 5988	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:31:03.0221 5988	Modem - ok
11:31:03.0284 5988	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:31:03.0315 5988	monitor - ok
11:31:03.0315 5988	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:31:03.0330 5988	mouclass - ok
11:31:03.0346 5988	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:31:03.0377 5988	mouhid - ok
11:31:03.0393 5988	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:31:03.0408 5988	MountMgr - ok
11:31:03.0502 5988	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:31:03.0518 5988	MozillaMaintenance - ok
11:31:03.0580 5988	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:31:03.0596 5988	mpio - ok
11:31:03.0611 5988	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:31:03.0658 5988	mpsdrv - ok
11:31:03.0705 5988	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
11:31:03.0783 5988	MpsSvc - ok
11:31:03.0798 5988	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:31:03.0814 5988	Mraid35x - ok
11:31:03.0861 5988	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:31:03.0892 5988	MRxDAV - ok
11:31:03.0923 5988	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:31:03.0954 5988	mrxsmb - ok
11:31:03.0986 5988	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:31:04.0001 5988	mrxsmb10 - ok
11:31:04.0017 5988	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:31:04.0048 5988	mrxsmb20 - ok
11:31:04.0095 5988	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
11:31:04.0110 5988	msahci - ok
11:31:04.0126 5988	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:31:04.0142 5988	msdsm - ok
11:31:04.0173 5988	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:31:04.0204 5988	MSDTC - ok
11:31:04.0204 5988	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:31:04.0235 5988	Msfs - ok
11:31:04.0282 5988	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:31:04.0298 5988	msisadrv - ok
11:31:04.0313 5988	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:31:04.0360 5988	MSiSCSI - ok
11:31:04.0360 5988	msiserver - ok
11:31:04.0376 5988	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:31:04.0407 5988	MSKSSRV - ok
11:31:04.0422 5988	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:31:04.0454 5988	MSPCLOCK - ok
11:31:04.0454 5988	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:31:04.0485 5988	MSPQM - ok
11:31:04.0516 5988	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:31:04.0532 5988	MsRPC - ok
11:31:04.0547 5988	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:31:04.0547 5988	mssmbios - ok
11:31:04.0594 5988	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:31:04.0610 5988	MSTEE - ok
11:31:04.0641 5988	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:31:04.0656 5988	Mup - ok
11:31:04.0672 5988	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
11:31:04.0703 5988	napagent - ok
11:31:04.0781 5988	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:31:04.0781 5988	NativeWifiP - ok
11:31:04.0812 5988	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:31:04.0844 5988	NDIS - ok
11:31:04.0875 5988	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:31:04.0906 5988	NdisTapi - ok
11:31:04.0922 5988	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:31:04.0937 5988	Ndisuio - ok
11:31:04.0984 5988	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:31:05.0015 5988	NdisWan - ok
11:31:05.0015 5988	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:31:05.0031 5988	NDProxy - ok
11:31:05.0187 5988	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
11:31:05.0218 5988	Nero BackItUp Scheduler 3 - ok
11:31:05.0218 5988	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:31:05.0265 5988	NetBIOS - ok
11:31:05.0296 5988	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:31:05.0327 5988	netbt - ok
11:31:05.0374 5988	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:31:05.0390 5988	Netlogon - ok
11:31:05.0436 5988	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:31:05.0483 5988	Netman - ok
11:31:05.0514 5988	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:31:05.0561 5988	netprofm - ok
11:31:05.0655 5988	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:31:05.0655 5988	NetTcpPortSharing - ok
11:31:06.0014 5988	NETw5v32        (ae642d069681a826d5f16e4f6ad158f3) C:\Windows\system32\DRIVERS\NETw5v32.sys
11:31:06.0185 5988	NETw5v32 - ok
11:31:06.0310 5988	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:31:06.0326 5988	nfrd960 - ok
11:31:06.0357 5988	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:31:06.0388 5988	NlaSvc - ok
11:31:06.0513 5988	NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
11:31:06.0528 5988	NMIndexingService - ok
11:31:06.0560 5988	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:31:06.0591 5988	Npfs - ok
11:31:06.0606 5988	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
11:31:06.0638 5988	NSCIRDA - ok
11:31:06.0653 5988	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:31:06.0684 5988	nsi - ok
11:31:06.0700 5988	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:31:06.0731 5988	nsiproxy - ok
11:31:06.0825 5988	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:31:06.0903 5988	Ntfs - ok
11:31:06.0981 5988	NTI IScheduleSvc (0f0f75069c8016645dfcae93a190cacf) C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
11:31:06.0996 5988	NTI IScheduleSvc - ok
11:31:07.0012 5988	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
11:31:07.0028 5988	NTIDrvr - ok
11:31:07.0043 5988	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:31:07.0090 5988	ntrigdigi - ok
11:31:07.0090 5988	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:31:07.0121 5988	Null - ok
11:31:07.0199 5988	NVHDA           (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys
11:31:07.0215 5988	NVHDA - ok
11:31:08.0088 5988	nvlddmkm        (3a3eb304b9bd9f4f6b3b745972f2c1e5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:31:09.0227 5988	nvlddmkm - ok
11:31:09.0368 5988	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:31:09.0383 5988	nvraid - ok
11:31:09.0383 5988	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:31:09.0399 5988	nvstor - ok
11:31:09.0446 5988	nvsvc           (c4efe7a3370351ed15ae728517fe09cb) C:\Windows\system32\nvvsvc.exe
11:31:09.0461 5988	nvsvc - ok
11:31:09.0461 5988	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:31:09.0477 5988	nv_agp - ok
11:31:09.0492 5988	NwlnkFlt - ok
11:31:09.0492 5988	NwlnkFwd - ok
11:31:09.0602 5988	odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:31:09.0633 5988	odserv - ok
11:31:09.0695 5988	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
11:31:09.0726 5988	ohci1394 - ok
11:31:09.0820 5988	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:31:09.0836 5988	ose - ok
11:31:09.0914 5988	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:31:10.0007 5988	p2pimsvc - ok
11:31:10.0023 5988	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:31:10.0132 5988	p2psvc - ok
11:31:10.0179 5988	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:31:10.0226 5988	Parport - ok
11:31:10.0272 5988	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
11:31:10.0288 5988	partmgr - ok
11:31:10.0288 5988	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:31:10.0335 5988	Parvdm - ok
11:31:10.0366 5988	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:31:10.0428 5988	PcaSvc - ok
11:31:10.0460 5988	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:31:10.0491 5988	pci - ok
11:31:10.0506 5988	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:31:10.0522 5988	pciide - ok
11:31:10.0569 5988	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
11:31:10.0584 5988	pcmcia - ok
11:31:10.0662 5988	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:31:10.0725 5988	PEAUTH - ok
11:31:10.0803 5988	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:31:10.0896 5988	pla - ok
11:31:10.0959 5988	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
11:31:10.0974 5988	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
11:31:10.0974 5988	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
11:31:11.0006 5988	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:31:11.0037 5988	PlugPlay - ok
11:31:11.0084 5988	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:31:11.0099 5988	PNRPAutoReg - ok
11:31:11.0115 5988	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:31:11.0162 5988	PNRPsvc - ok
11:31:11.0224 5988	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:31:11.0255 5988	PolicyAgent - ok
11:31:11.0318 5988	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:31:11.0349 5988	PptpMiniport - ok
11:31:11.0364 5988	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:31:11.0396 5988	Processor - ok
11:31:11.0411 5988	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:31:11.0442 5988	ProfSvc - ok
11:31:11.0474 5988	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:31:11.0474 5988	ProtectedStorage - ok
11:31:11.0505 5988	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:31:11.0536 5988	PSched - ok
11:31:11.0567 5988	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
11:31:11.0567 5988	PxHelp20 - ok
11:31:11.0661 5988	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:31:11.0708 5988	ql2300 - ok
11:31:11.0739 5988	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:31:11.0754 5988	ql40xx - ok
11:31:11.0786 5988	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:31:11.0817 5988	QWAVE - ok
11:31:11.0832 5988	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:31:11.0832 5988	QWAVEdrv - ok
11:31:11.0848 5988	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:31:11.0879 5988	RasAcd - ok
11:31:11.0910 5988	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:31:11.0957 5988	RasAuto - ok
11:31:11.0973 5988	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:31:11.0988 5988	Rasl2tp - ok
11:31:12.0020 5988	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:31:12.0066 5988	RasMan - ok
11:31:12.0082 5988	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:31:12.0098 5988	RasPppoe - ok
11:31:12.0129 5988	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:31:12.0129 5988	RasSstp - ok
11:31:12.0160 5988	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:31:12.0176 5988	rdbss - ok
11:31:12.0191 5988	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:31:12.0222 5988	RDPCDD - ok
11:31:12.0254 5988	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:31:12.0269 5988	rdpdr - ok
11:31:12.0285 5988	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:31:12.0332 5988	RDPENCDD - ok
11:31:12.0394 5988	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
11:31:12.0425 5988	RDPWD - ok
11:31:12.0503 5988	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:31:12.0534 5988	RemoteAccess - ok
11:31:12.0550 5988	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:31:12.0581 5988	RemoteRegistry - ok
11:31:12.0597 5988	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:31:12.0628 5988	RpcLocator - ok
11:31:12.0706 5988	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:31:12.0737 5988	RpcSs - ok
11:31:12.0753 5988	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:31:12.0800 5988	rspndr - ok
11:31:12.0846 5988	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:31:12.0862 5988	SamSs - ok
11:31:12.0878 5988	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:31:12.0893 5988	sbp2port - ok
11:31:12.0956 5988	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:31:12.0987 5988	SCardSvr - ok
11:31:13.0034 5988	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:31:13.0080 5988	Schedule - ok
11:31:13.0112 5988	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:31:13.0143 5988	SCPolicySvc - ok
11:31:13.0158 5988	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
11:31:13.0221 5988	sdbus - ok
11:31:13.0236 5988	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:31:13.0299 5988	SDRSVC - ok
11:31:13.0314 5988	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:31:13.0361 5988	secdrv - ok
11:31:13.0377 5988	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:31:13.0408 5988	seclogon - ok
11:31:13.0424 5988	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
11:31:13.0455 5988	SENS - ok
11:31:13.0470 5988	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:31:13.0517 5988	Serenum - ok
11:31:13.0548 5988	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:31:13.0595 5988	Serial - ok
11:31:13.0595 5988	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:31:13.0626 5988	sermouse - ok
11:31:13.0658 5988	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:31:13.0689 5988	SessionEnv - ok
11:31:13.0736 5988	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:31:13.0751 5988	sffdisk - ok
11:31:13.0814 5988	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:31:13.0845 5988	sffp_mmc - ok
11:31:13.0876 5988	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:31:13.0892 5988	sffp_sd - ok
11:31:13.0907 5988	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:31:13.0970 5988	sfloppy - ok
11:31:14.0001 5988	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:31:14.0048 5988	SharedAccess - ok
11:31:14.0079 5988	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:31:14.0110 5988	ShellHWDetection - ok
11:31:14.0141 5988	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:31:14.0157 5988	sisagp - ok
11:31:14.0157 5988	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:31:14.0172 5988	SiSRaid2 - ok
11:31:14.0172 5988	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:31:14.0188 5988	SiSRaid4 - ok
11:31:14.0344 5988	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:31:14.0656 5988	slsvc - ok
11:31:14.0750 5988	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:31:14.0796 5988	SLUINotify - ok
11:31:14.0812 5988	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:31:14.0843 5988	Smb - ok
11:31:14.0874 5988	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:31:14.0874 5988	SNMPTRAP - ok
11:31:14.0906 5988	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:31:14.0921 5988	spldr - ok
11:31:14.0952 5988	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:31:14.0968 5988	Spooler - ok
11:31:14.0999 5988	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:31:15.0030 5988	srv - ok
11:31:15.0062 5988	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:31:15.0093 5988	srv2 - ok
11:31:15.0108 5988	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:31:15.0124 5988	srvnet - ok
11:31:15.0155 5988	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:31:15.0186 5988	SSDPSRV - ok
11:31:15.0218 5988	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:31:15.0233 5988	SstpSvc - ok
11:31:15.0280 5988	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:31:15.0311 5988	stisvc - ok
11:31:15.0327 5988	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:31:15.0342 5988	swenum - ok
11:31:15.0374 5988	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:31:15.0405 5988	swprv - ok
11:31:15.0420 5988	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:31:15.0436 5988	Symc8xx - ok
11:31:15.0452 5988	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:31:15.0467 5988	Sym_hi - ok
11:31:15.0467 5988	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:31:15.0483 5988	Sym_u3 - ok
11:31:15.0545 5988	SynTP           (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
11:31:15.0561 5988	SynTP - ok
11:31:15.0592 5988	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:31:15.0639 5988	SysMain - ok
11:31:15.0701 5988	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:31:15.0717 5988	TabletInputService - ok
11:31:15.0748 5988	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:31:15.0795 5988	TapiSrv - ok
11:31:15.0810 5988	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:31:15.0857 5988	TBS - ok
11:31:15.0935 5988	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
11:31:15.0966 5988	Tcpip - ok
11:31:15.0982 5988	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
11:31:16.0013 5988	Tcpip6 - ok
11:31:16.0029 5988	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:31:16.0044 5988	tcpipreg - ok
11:31:16.0091 5988	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:31:16.0122 5988	TDPIPE - ok
11:31:16.0138 5988	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:31:16.0169 5988	TDTCP - ok
11:31:16.0185 5988	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:31:16.0216 5988	tdx - ok
11:31:16.0247 5988	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:31:16.0263 5988	TermDD - ok
11:31:16.0294 5988	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:31:16.0341 5988	TermService - ok
11:31:16.0372 5988	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:31:16.0388 5988	Themes - ok
11:31:16.0403 5988	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:31:16.0419 5988	THREADORDER - ok
11:31:16.0450 5988	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:31:16.0481 5988	TrkWks - ok
11:31:16.0512 5988	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:31:16.0544 5988	TrustedInstaller - ok
11:31:16.0575 5988	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:31:16.0622 5988	tssecsrv - ok
11:31:16.0622 5988	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:31:16.0653 5988	tunnel - ok
11:31:16.0668 5988	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:31:16.0684 5988	uagp35 - ok
11:31:16.0731 5988	UBHelper        (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
11:31:16.0746 5988	UBHelper - ok
11:31:16.0778 5988	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:31:16.0793 5988	udfs - ok
11:31:16.0824 5988	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:31:16.0856 5988	UI0Detect - ok
11:31:16.0887 5988	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:31:16.0902 5988	uliagpkx - ok
11:31:16.0934 5988	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:31:16.0949 5988	uliahci - ok
11:31:16.0996 5988	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:31:16.0996 5988	UlSata - ok
11:31:17.0027 5988	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:31:17.0058 5988	ulsata2 - ok
11:31:17.0058 5988	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:31:17.0105 5988	umbus - ok
11:31:17.0136 5988	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:31:17.0168 5988	upnphost - ok
11:31:17.0183 5988	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:31:17.0214 5988	usbccgp - ok
11:31:17.0246 5988	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:31:17.0292 5988	usbcir - ok
11:31:17.0339 5988	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:31:17.0370 5988	usbehci - ok
11:31:17.0386 5988	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:31:17.0417 5988	usbhub - ok
11:31:17.0448 5988	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:31:17.0495 5988	usbohci - ok
11:31:17.0495 5988	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
11:31:17.0542 5988	usbprint - ok
11:31:17.0558 5988	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:31:17.0573 5988	USBSTOR - ok
11:31:17.0589 5988	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:31:17.0620 5988	usbuhci - ok
11:31:17.0636 5988	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:31:17.0667 5988	usbvideo - ok
11:31:17.0698 5988	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:31:17.0729 5988	UxSms - ok
11:31:17.0776 5988	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:31:17.0823 5988	vds - ok
11:31:17.0838 5988	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:31:17.0885 5988	vga - ok
11:31:17.0901 5988	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:31:17.0916 5988	VgaSave - ok
11:31:17.0932 5988	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:31:17.0948 5988	viaagp - ok
11:31:17.0963 5988	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:31:17.0979 5988	ViaC7 - ok
11:31:18.0010 5988	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:31:18.0010 5988	viaide - ok
11:31:18.0041 5988	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:31:18.0041 5988	volmgr - ok
11:31:18.0072 5988	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:31:18.0104 5988	volmgrx - ok
11:31:18.0119 5988	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:31:18.0135 5988	volsnap - ok
11:31:18.0182 5988	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:31:18.0182 5988	vsmraid - ok
11:31:18.0244 5988	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:31:18.0291 5988	VSS - ok
11:31:18.0322 5988	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:31:18.0338 5988	W32Time - ok
11:31:18.0416 5988	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:31:18.0478 5988	WacomPen - ok
11:31:18.0494 5988	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:31:18.0525 5988	Wanarp - ok
11:31:18.0525 5988	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:31:18.0540 5988	Wanarpv6 - ok
11:31:18.0587 5988	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:31:18.0603 5988	wcncsvc - ok
11:31:18.0634 5988	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:31:18.0665 5988	WcsPlugInService - ok
11:31:18.0681 5988	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:31:18.0696 5988	Wd - ok
11:31:18.0743 5988	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:31:18.0790 5988	Wdf01000 - ok
11:31:18.0821 5988	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:31:18.0852 5988	WdiServiceHost - ok
11:31:18.0868 5988	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:31:18.0884 5988	WdiSystemHost - ok
11:31:18.0946 5988	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:31:18.0977 5988	WebClient - ok
11:31:19.0008 5988	Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
11:31:19.0024 5988	Wecsvc - ok
11:31:19.0040 5988	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:31:19.0071 5988	wercplsupport - ok
11:31:19.0102 5988	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:31:19.0118 5988	WerSvc - ok
11:31:19.0164 5988	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:31:19.0227 5988	winachsf - ok
11:31:19.0305 5988	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:31:19.0320 5988	WinDefend - ok
11:31:19.0336 5988	WinHttpAutoProxySvc - ok
11:31:19.0383 5988	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:31:19.0414 5988	Winmgmt - ok
11:31:19.0508 5988	WinRM           (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
11:31:19.0601 5988	WinRM - ok
11:31:19.0664 5988	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:31:19.0742 5988	Wlansvc - ok
11:31:19.0804 5988	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:31:19.0820 5988	WmiAcpi - ok
11:31:19.0882 5988	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:31:19.0929 5988	wmiApSrv - ok
11:31:20.0069 5988	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:31:20.0210 5988	WMPNetworkSvc - ok
11:31:20.0241 5988	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:31:20.0288 5988	WPCSvc - ok
11:31:20.0397 5988	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
11:31:20.0444 5988	WPDBusEnum - ok
11:31:20.0490 5988	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:31:20.0522 5988	ws2ifsl - ok
11:31:20.0553 5988	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
11:31:20.0584 5988	wscsvc - ok
11:31:20.0584 5988	WSearch - ok
11:31:20.0771 5988	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:31:20.0865 5988	wuauserv - ok
11:31:21.0068 5988	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:31:21.0114 5988	WUDFRd - ok
11:31:21.0146 5988	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:31:21.0192 5988	wudfsvc - ok
11:31:21.0239 5988	MBR (0x1B8)     (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
11:31:21.0270 5988	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
11:31:21.0270 5988	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
11:31:21.0411 5988	Boot (0x1200)   (b82810ea05973f2aade2d107958e1e7e) \Device\Harddisk0\DR0\Partition0
11:31:21.0411 5988	\Device\Harddisk0\DR0\Partition0 - ok
11:31:21.0426 5988	============================================================
11:31:21.0426 5988	Scan finished
11:31:21.0426 5988	============================================================
11:31:21.0426 4020	Detected object count: 4
11:31:21.0426 4020	Actual detected object count: 4
11:31:55.0668 4020	ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:55.0668 4020	ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:55.0668 4020	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:55.0668 4020	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:55.0668 4020	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:55.0668 4020	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:55.0684 4020	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user
11:31:55.0684 4020	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip 
11:32:40.0332 4000	Deinitialize success

cosinus · 05.08.2012, 16:02

Code:

ATTFilter

\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user

Das ist die Zecke!

Diesen Eintrag => Rootkit.Boot.Wistler.a <= bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.

Torch · 05.08.2012, 21:52

So also es sieht gut aus. Habe Eset auch noch mal im Arbeitsspeichern scannen lassen und der hat nichts gefunden :-)
So hier ist das Log:

Code:

ATTFilter

22:44:34.0200 1644	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:44:34.0231 1644	============================================================
22:44:34.0231 1644	Current date / time: 2012/08/05 22:44:34.0231
22:44:34.0231 1644	SystemInfo:
22:44:34.0231 1644	
22:44:34.0231 1644	OS Version: 6.0.6002 ServicePack: 2.0
22:44:34.0231 1644	Product type: Workstation
22:44:34.0231 1644	ComputerName: ENRICO-PC
22:44:34.0231 1644	UserName: Enrico
22:44:34.0231 1644	Windows directory: C:\Windows
22:44:34.0231 1644	System windows directory: C:\Windows
22:44:34.0231 1644	Processor architecture: Intel x86
22:44:34.0231 1644	Number of processors: 2
22:44:34.0231 1644	Page size: 0x1000
22:44:34.0231 1644	Boot type: Normal boot
22:44:34.0231 1644	============================================================
22:44:34.0761 1644	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:44:34.0761 1644	============================================================
22:44:34.0761 1644	\Device\Harddisk0\DR0:
22:44:34.0761 1644	MBR partitions:
22:44:34.0761 1644	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
22:44:34.0761 1644	============================================================
22:44:34.0793 1644	C: <-> \Device\Harddisk0\DR0\Partition0
22:44:34.0793 1644	============================================================
22:44:34.0793 1644	Initialize success
22:44:34.0793 1644	============================================================
22:45:04.0542 2840	============================================================
22:45:04.0542 2840	Scan started
22:45:04.0542 2840	Mode: Manual; SigCheck; TDLFS; 
22:45:04.0542 2840	============================================================
22:45:04.0760 2840	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:45:04.0854 2840	ACPI - ok
22:45:04.0932 2840	AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
22:45:04.0947 2840	AdobeActiveFileMonitor6.0 - ok
22:45:05.0010 2840	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:45:05.0041 2840	adp94xx - ok
22:45:05.0057 2840	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:45:05.0072 2840	adpahci - ok
22:45:05.0088 2840	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:45:05.0103 2840	adpu160m - ok
22:45:05.0119 2840	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:45:05.0135 2840	adpu320 - ok
22:45:05.0181 2840	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:45:05.0197 2840	AeLookupSvc - ok
22:45:05.0275 2840	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:45:05.0306 2840	AFD - ok
22:45:05.0369 2840	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:45:05.0369 2840	agp440 - ok
22:45:05.0400 2840	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:45:05.0415 2840	aic78xx - ok
22:45:05.0447 2840	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:45:05.0462 2840	ALG - ok
22:45:05.0478 2840	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:45:05.0478 2840	aliide - ok
22:45:05.0493 2840	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:45:05.0509 2840	amdagp - ok
22:45:05.0525 2840	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:45:05.0540 2840	amdide - ok
22:45:05.0587 2840	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:45:05.0618 2840	AmdK7 - ok
22:45:05.0634 2840	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:45:05.0649 2840	AmdK8 - ok
22:45:05.0727 2840	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:45:05.0743 2840	Appinfo - ok
22:45:05.0759 2840	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:45:05.0774 2840	arc - ok
22:45:05.0821 2840	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:45:05.0837 2840	arcsas - ok
22:45:05.0868 2840	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:45:05.0899 2840	AsyncMac - ok
22:45:05.0915 2840	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:45:05.0930 2840	atapi - ok
22:45:06.0008 2840	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:45:06.0039 2840	AudioEndpointBuilder - ok
22:45:06.0039 2840	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:45:06.0071 2840	Audiosrv - ok
22:45:06.0149 2840	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:45:06.0180 2840	b57nd60x - ok
22:45:06.0242 2840	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:45:06.0273 2840	Beep - ok
22:45:06.0351 2840	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:45:06.0383 2840	BFE - ok
22:45:06.0492 2840	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
22:45:06.0539 2840	BITS - ok
22:45:06.0570 2840	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:45:06.0585 2840	blbdrive - ok
22:45:06.0617 2840	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:45:06.0617 2840	bowser - ok
22:45:06.0663 2840	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:45:06.0695 2840	BrFiltLo - ok
22:45:06.0710 2840	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:45:06.0726 2840	BrFiltUp - ok
22:45:06.0741 2840	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:45:06.0757 2840	Browser - ok
22:45:06.0819 2840	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:45:06.0866 2840	Brserid - ok
22:45:06.0866 2840	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:45:06.0913 2840	BrSerWdm - ok
22:45:06.0929 2840	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:45:06.0960 2840	BrUsbMdm - ok
22:45:06.0975 2840	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:45:07.0007 2840	BrUsbSer - ok
22:45:07.0022 2840	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:45:07.0069 2840	BTHMODEM - ok
22:45:07.0116 2840	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:45:07.0147 2840	cdfs - ok
22:45:07.0178 2840	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:45:07.0194 2840	cdrom - ok
22:45:07.0256 2840	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:45:07.0287 2840	CertPropSvc - ok
22:45:07.0303 2840	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:45:07.0334 2840	circlass - ok
22:45:07.0381 2840	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:45:07.0397 2840	CLFS - ok
22:45:07.0490 2840	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:45:07.0506 2840	clr_optimization_v2.0.50727_32 - ok
22:45:07.0553 2840	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:45:07.0584 2840	CmBatt - ok
22:45:07.0599 2840	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:45:07.0615 2840	cmdide - ok
22:45:07.0709 2840	CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
22:45:07.0755 2840	CnxtHdAudService - ok
22:45:07.0771 2840	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:45:07.0787 2840	Compbatt - ok
22:45:07.0802 2840	COMSysApp - ok
22:45:07.0802 2840	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:45:07.0818 2840	crcdisk - ok
22:45:07.0833 2840	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:45:07.0865 2840	Crusoe - ok
22:45:07.0927 2840	CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
22:45:07.0958 2840	CryptSvc - ok
22:45:08.0052 2840	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:45:08.0083 2840	DcomLaunch - ok
22:45:08.0114 2840	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:45:08.0130 2840	DfsC - ok
22:45:08.0286 2840	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:45:08.0333 2840	DFSR - ok
22:45:08.0473 2840	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:45:08.0489 2840	Dhcp - ok
22:45:08.0504 2840	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:45:08.0520 2840	disk - ok
22:45:08.0582 2840	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
22:45:08.0598 2840	DKbFltr - ok
22:45:08.0645 2840	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:45:08.0691 2840	Dnscache - ok
22:45:08.0707 2840	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:45:08.0738 2840	dot3svc - ok
22:45:08.0785 2840	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:45:08.0801 2840	DPS - ok
22:45:08.0832 2840	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:45:08.0863 2840	drmkaud - ok
22:45:08.0910 2840	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:45:08.0941 2840	DXGKrnl - ok
22:45:09.0003 2840	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:45:09.0019 2840	E1G60 - ok
22:45:09.0066 2840	eamonm          (8a45015e85a4dce0086b9973f0fd9a20) C:\Windows\system32\DRIVERS\eamonm.sys
22:45:09.0081 2840	eamonm - ok
22:45:09.0113 2840	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:45:09.0128 2840	EapHost - ok
22:45:09.0206 2840	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:45:09.0237 2840	Ecache - ok
22:45:09.0300 2840	ehdrv           (5412ed24fffca64e2f0168399b86c952) C:\Windows\system32\DRIVERS\ehdrv.sys
22:45:09.0315 2840	ehdrv - ok
22:45:09.0378 2840	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:45:09.0393 2840	ehRecvr - ok
22:45:09.0409 2840	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:45:09.0425 2840	ehSched - ok
22:45:09.0440 2840	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:45:09.0456 2840	ehstart - ok
22:45:09.0581 2840	ekrn            (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
22:45:09.0612 2840	ekrn - ok
22:45:09.0783 2840	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:45:09.0815 2840	elxstor - ok
22:45:09.0908 2840	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:45:09.0939 2840	EMDMgmt - ok
22:45:10.0002 2840	epfw            (774babcb1144513dc86992003740b774) C:\Windows\system32\DRIVERS\epfw.sys
22:45:10.0017 2840	epfw - ok
22:45:10.0033 2840	EpfwLWF         (2c22cc39309ee06ae870c183bf2a769d) C:\Windows\system32\DRIVERS\EpfwLWF.sys
22:45:10.0033 2840	EpfwLWF - ok
22:45:10.0049 2840	epfwwfp         (2b4e5f01a4e786b422f4d617b51fa7d9) C:\Windows\system32\DRIVERS\epfwwfp.sys
22:45:10.0064 2840	epfwwfp - ok
22:45:10.0251 2840	ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
22:45:10.0283 2840	ePowerSvc - ok
22:45:10.0314 2840	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:45:10.0345 2840	ErrDev - ok
22:45:10.0392 2840	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:45:10.0423 2840	EventSystem - ok
22:45:10.0501 2840	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:45:10.0532 2840	exfat - ok
22:45:10.0610 2840	ezSharedSvc     (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
22:45:10.0610 2840	ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
22:45:10.0610 2840	ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
22:45:10.0641 2840	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:45:10.0657 2840	fastfat - ok
22:45:10.0688 2840	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:45:10.0719 2840	fdc - ok
22:45:10.0735 2840	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:45:10.0766 2840	fdPHost - ok
22:45:10.0766 2840	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:45:10.0829 2840	FDResPub - ok
22:45:10.0844 2840	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:45:10.0860 2840	FileInfo - ok
22:45:10.0875 2840	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:45:10.0891 2840	Filetrace - ok
22:45:11.0000 2840	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:45:11.0016 2840	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:45:11.0016 2840	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:45:11.0031 2840	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:45:11.0063 2840	flpydisk - ok
22:45:11.0094 2840	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:45:11.0125 2840	FltMgr - ok
22:45:11.0265 2840	FontCache       (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
22:45:11.0312 2840	FontCache - ok
22:45:11.0406 2840	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:45:11.0421 2840	FontCache3.0.0.0 - ok
22:45:11.0453 2840	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:45:11.0484 2840	Fs_Rec - ok
22:45:11.0499 2840	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:45:11.0515 2840	gagp30kx - ok
22:45:11.0593 2840	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:45:11.0640 2840	gpsvc - ok
22:45:11.0702 2840	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:45:11.0765 2840	HdAudAddService - ok
22:45:11.0811 2840	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:45:11.0843 2840	HDAudBus - ok
22:45:11.0858 2840	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:45:11.0905 2840	HidBth - ok
22:45:11.0921 2840	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:45:11.0952 2840	HidIr - ok
22:45:11.0983 2840	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
22:45:11.0983 2840	hidserv - ok
22:45:12.0014 2840	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:45:12.0030 2840	HidUsb - ok
22:45:12.0061 2840	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:45:12.0092 2840	hkmsvc - ok
22:45:12.0108 2840	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:45:12.0108 2840	HpCISSs - ok
22:45:12.0170 2840	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:45:12.0186 2840	HSFHWAZL - ok
22:45:12.0248 2840	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:45:12.0295 2840	HSF_DPV - ok
22:45:12.0357 2840	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:45:12.0404 2840	HTTP - ok
22:45:12.0451 2840	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:45:12.0467 2840	i2omp - ok
22:45:12.0513 2840	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:45:12.0529 2840	i8042prt - ok
22:45:12.0560 2840	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
22:45:12.0576 2840	iaStor - ok
22:45:12.0623 2840	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:45:12.0638 2840	iaStorV - ok
22:45:12.0732 2840	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:45:12.0763 2840	idsvc - ok
22:45:12.0810 2840	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:45:12.0825 2840	iirsp - ok
22:45:12.0857 2840	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:45:12.0888 2840	IKEEXT - ok
22:45:12.0950 2840	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:45:12.0966 2840	intelide - ok
22:45:13.0013 2840	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:45:13.0028 2840	intelppm - ok
22:45:13.0059 2840	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:45:13.0075 2840	IPBusEnum - ok
22:45:13.0091 2840	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:45:13.0122 2840	IpFilterDriver - ok
22:45:13.0153 2840	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:45:13.0169 2840	iphlpsvc - ok
22:45:13.0184 2840	IpInIp - ok
22:45:13.0200 2840	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:45:13.0231 2840	IPMIDRV - ok
22:45:13.0231 2840	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:45:13.0262 2840	IPNAT - ok
22:45:13.0309 2840	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
22:45:13.0325 2840	irda - ok
22:45:13.0340 2840	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:45:13.0356 2840	IRENUM - ok
22:45:13.0387 2840	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
22:45:13.0434 2840	Irmon - ok
22:45:13.0434 2840	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:45:13.0449 2840	isapnp - ok
22:45:13.0496 2840	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:45:13.0512 2840	iScsiPrt - ok
22:45:13.0512 2840	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:45:13.0527 2840	iteatapi - ok
22:45:13.0543 2840	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:45:13.0559 2840	iteraid - ok
22:45:13.0621 2840	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
22:45:13.0668 2840	k57nd60x - ok
22:45:13.0699 2840	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:45:13.0715 2840	kbdclass - ok
22:45:13.0715 2840	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:45:13.0746 2840	kbdhid - ok
22:45:13.0793 2840	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:45:13.0824 2840	KeyIso - ok
22:45:13.0871 2840	KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
22:45:13.0902 2840	KSecDD - ok
22:45:14.0011 2840	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:45:14.0058 2840	KtmRm - ok
22:45:14.0073 2840	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
22:45:14.0105 2840	LanmanServer - ok
22:45:14.0167 2840	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:45:14.0198 2840	LanmanWorkstation - ok
22:45:14.0229 2840	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:45:14.0245 2840	lltdio - ok
22:45:14.0385 2840	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:45:14.0432 2840	lltdsvc - ok
22:45:14.0448 2840	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:45:14.0495 2840	lmhosts - ok
22:45:14.0510 2840	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:45:14.0526 2840	LSI_FC - ok
22:45:14.0526 2840	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:45:14.0541 2840	LSI_SAS - ok
22:45:14.0573 2840	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:45:14.0588 2840	LSI_SCSI - ok
22:45:14.0619 2840	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:45:14.0635 2840	luafv - ok
22:45:14.0651 2840	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:45:14.0666 2840	Mcx2Svc - ok
22:45:14.0729 2840	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:45:14.0744 2840	megasas - ok
22:45:14.0760 2840	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:45:14.0791 2840	MegaSR - ok
22:45:14.0822 2840	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:45:14.0853 2840	MMCSS - ok
22:45:14.0869 2840	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:45:14.0885 2840	Modem - ok
22:45:14.0947 2840	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:45:14.0978 2840	monitor - ok
22:45:14.0978 2840	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:45:14.0994 2840	mouclass - ok
22:45:15.0009 2840	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:45:15.0041 2840	mouhid - ok
22:45:15.0056 2840	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:45:15.0056 2840	MountMgr - ok
22:45:15.0150 2840	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:45:15.0165 2840	MozillaMaintenance - ok
22:45:15.0228 2840	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:45:15.0243 2840	mpio - ok
22:45:15.0259 2840	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:45:15.0290 2840	mpsdrv - ok
22:45:15.0321 2840	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:45:15.0337 2840	MpsSvc - ok
22:45:15.0384 2840	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:45:15.0399 2840	Mraid35x - ok
22:45:15.0431 2840	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:45:15.0446 2840	MRxDAV - ok
22:45:15.0462 2840	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:45:15.0493 2840	mrxsmb - ok
22:45:15.0509 2840	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:45:15.0524 2840	mrxsmb10 - ok
22:45:15.0555 2840	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:45:15.0555 2840	mrxsmb20 - ok
22:45:15.0633 2840	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:45:15.0633 2840	msahci - ok
22:45:15.0649 2840	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:45:15.0665 2840	msdsm - ok
22:45:15.0696 2840	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:45:15.0727 2840	MSDTC - ok
22:45:15.0743 2840	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:45:15.0774 2840	Msfs - ok
22:45:15.0789 2840	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:45:15.0805 2840	msisadrv - ok
22:45:15.0836 2840	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:45:15.0867 2840	MSiSCSI - ok
22:45:15.0867 2840	msiserver - ok
22:45:15.0883 2840	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:45:15.0899 2840	MSKSSRV - ok
22:45:15.0914 2840	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:45:15.0930 2840	MSPCLOCK - ok
22:45:15.0945 2840	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:45:15.0977 2840	MSPQM - ok
22:45:16.0008 2840	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:45:16.0023 2840	MsRPC - ok
22:45:16.0055 2840	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:45:16.0055 2840	mssmbios - ok
22:45:16.0101 2840	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:45:16.0117 2840	MSTEE - ok
22:45:16.0148 2840	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:45:16.0164 2840	Mup - ok
22:45:16.0211 2840	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:45:16.0242 2840	napagent - ok
22:45:16.0304 2840	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:45:16.0335 2840	NativeWifiP - ok
22:45:16.0429 2840	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:45:16.0460 2840	NDIS - ok
22:45:16.0476 2840	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:45:16.0507 2840	NdisTapi - ok
22:45:16.0507 2840	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:45:16.0538 2840	Ndisuio - ok
22:45:16.0569 2840	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:45:16.0585 2840	NdisWan - ok
22:45:16.0601 2840	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:45:16.0616 2840	NDProxy - ok
22:45:16.0757 2840	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:45:16.0788 2840	Nero BackItUp Scheduler 3 - ok
22:45:16.0788 2840	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:45:16.0819 2840	NetBIOS - ok
22:45:16.0850 2840	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:45:16.0866 2840	netbt - ok
22:45:16.0913 2840	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:45:16.0928 2840	Netlogon - ok
22:45:16.0975 2840	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:45:17.0022 2840	Netman - ok
22:45:17.0053 2840	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:45:17.0100 2840	netprofm - ok
22:45:17.0178 2840	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:45:17.0193 2840	NetTcpPortSharing - ok
22:45:17.0474 2840	NETw5v32        (ae642d069681a826d5f16e4f6ad158f3) C:\Windows\system32\DRIVERS\NETw5v32.sys
22:45:17.0646 2840	NETw5v32 - ok
22:45:17.0771 2840	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:45:17.0786 2840	nfrd960 - ok
22:45:17.0817 2840	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:45:17.0849 2840	NlaSvc - ok
22:45:18.0005 2840	NMIndexingService (cd4326bc339f98de21aa07b208a305ae) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:45:18.0036 2840	NMIndexingService - ok
22:45:18.0067 2840	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:45:18.0098 2840	Npfs - ok
22:45:18.0129 2840	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
22:45:18.0161 2840	NSCIRDA - ok
22:45:18.0192 2840	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:45:18.0223 2840	nsi - ok
22:45:18.0223 2840	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:45:18.0254 2840	nsiproxy - ok
22:45:18.0301 2840	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:45:18.0348 2840	Ntfs - ok
22:45:18.0410 2840	NTI IScheduleSvc (0f0f75069c8016645dfcae93a190cacf) C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
22:45:18.0426 2840	NTI IScheduleSvc - ok
22:45:18.0441 2840	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
22:45:18.0457 2840	NTIDrvr - ok
22:45:18.0473 2840	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:45:18.0519 2840	ntrigdigi - ok
22:45:18.0519 2840	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:45:18.0551 2840	Null - ok
22:45:18.0613 2840	NVHDA           (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys
22:45:18.0629 2840	NVHDA - ok
22:45:19.0674 2840	nvlddmkm        (3a3eb304b9bd9f4f6b3b745972f2c1e5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:45:20.0267 2840	nvlddmkm - ok
22:45:20.0407 2840	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:45:20.0423 2840	nvraid - ok
22:45:20.0423 2840	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:45:20.0438 2840	nvstor - ok
22:45:20.0485 2840	nvsvc           (c4efe7a3370351ed15ae728517fe09cb) C:\Windows\system32\nvvsvc.exe
22:45:20.0501 2840	nvsvc - ok
22:45:20.0516 2840	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:45:20.0532 2840	nv_agp - ok
22:45:20.0532 2840	NwlnkFlt - ok
22:45:20.0532 2840	NwlnkFwd - ok
22:45:20.0641 2840	odserv          (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:45:20.0672 2840	odserv - ok
22:45:20.0735 2840	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
22:45:20.0766 2840	ohci1394 - ok
22:45:20.0875 2840	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:45:20.0891 2840	ose - ok
22:45:20.0984 2840	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:21.0031 2840	p2pimsvc - ok
22:45:21.0047 2840	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:21.0078 2840	p2psvc - ok
22:45:21.0093 2840	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:45:21.0156 2840	Parport - ok
22:45:21.0203 2840	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
22:45:21.0218 2840	partmgr - ok
22:45:21.0218 2840	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:45:21.0281 2840	Parvdm - ok
22:45:21.0296 2840	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:45:21.0312 2840	PcaSvc - ok
22:45:21.0343 2840	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:45:21.0359 2840	pci - ok
22:45:21.0374 2840	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:45:21.0390 2840	pciide - ok
22:45:21.0437 2840	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
22:45:21.0452 2840	pcmcia - ok
22:45:21.0530 2840	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:45:21.0608 2840	PEAUTH - ok
22:45:21.0702 2840	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:45:21.0764 2840	pla - ok
22:45:21.0889 2840	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
22:45:21.0889 2840	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
22:45:21.0889 2840	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
22:45:21.0920 2840	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:45:21.0951 2840	PlugPlay - ok
22:45:22.0029 2840	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:22.0045 2840	PNRPAutoReg - ok
22:45:22.0061 2840	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:45:22.0092 2840	PNRPsvc - ok
22:45:22.0139 2840	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:45:22.0170 2840	PolicyAgent - ok
22:45:22.0217 2840	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:45:22.0248 2840	PptpMiniport - ok
22:45:22.0263 2840	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:45:22.0295 2840	Processor - ok
22:45:22.0326 2840	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:45:22.0357 2840	ProfSvc - ok
22:45:22.0388 2840	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:45:22.0404 2840	ProtectedStorage - ok
22:45:22.0435 2840	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:45:22.0466 2840	PSched - ok
22:45:22.0497 2840	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
22:45:22.0513 2840	PxHelp20 - ok
22:45:22.0591 2840	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:45:22.0638 2840	ql2300 - ok
22:45:22.0669 2840	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:45:22.0685 2840	ql40xx - ok
22:45:22.0716 2840	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:45:22.0731 2840	QWAVE - ok
22:45:22.0747 2840	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:45:22.0763 2840	QWAVEdrv - ok
22:45:22.0778 2840	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:45:22.0794 2840	RasAcd - ok
22:45:22.0809 2840	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:45:22.0841 2840	RasAuto - ok
22:45:22.0856 2840	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:45:22.0887 2840	Rasl2tp - ok
22:45:22.0919 2840	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:45:22.0934 2840	RasMan - ok
22:45:22.0950 2840	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:45:22.0965 2840	RasPppoe - ok
22:45:22.0981 2840	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:45:22.0997 2840	RasSstp - ok
22:45:23.0012 2840	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:45:23.0043 2840	rdbss - ok
22:45:23.0043 2840	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:45:23.0075 2840	RDPCDD - ok
22:45:23.0106 2840	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:45:23.0121 2840	rdpdr - ok
22:45:23.0137 2840	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:45:23.0168 2840	RDPENCDD - ok
22:45:23.0231 2840	RDPWD           (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
22:45:23.0246 2840	RDPWD - ok
22:45:23.0324 2840	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:45:23.0355 2840	RemoteAccess - ok
22:45:23.0371 2840	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:45:23.0402 2840	RemoteRegistry - ok
22:45:23.0418 2840	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:45:23.0433 2840	RpcLocator - ok
22:45:23.0511 2840	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:45:23.0558 2840	RpcSs - ok
22:45:23.0574 2840	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:45:23.0605 2840	rspndr - ok
22:45:23.0652 2840	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:45:23.0667 2840	SamSs - ok
22:45:23.0683 2840	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:45:23.0699 2840	sbp2port - ok
22:45:23.0761 2840	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:45:23.0792 2840	SCardSvr - ok
22:45:23.0870 2840	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:45:23.0917 2840	Schedule - ok
22:45:23.0933 2840	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:45:23.0964 2840	SCPolicySvc - ok
22:45:23.0995 2840	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
22:45:24.0026 2840	sdbus - ok
22:45:24.0057 2840	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:45:24.0073 2840	SDRSVC - ok
22:45:24.0089 2840	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:45:24.0135 2840	secdrv - ok
22:45:24.0151 2840	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:45:24.0167 2840	seclogon - ok
22:45:24.0182 2840	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
22:45:24.0213 2840	SENS - ok
22:45:24.0229 2840	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:45:24.0260 2840	Serenum - ok
22:45:24.0276 2840	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:45:24.0307 2840	Serial - ok
22:45:24.0323 2840	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:45:24.0338 2840	sermouse - ok
22:45:24.0369 2840	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:45:24.0401 2840	SessionEnv - ok
22:45:24.0401 2840	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:45:24.0416 2840	sffdisk - ok
22:45:24.0432 2840	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:45:24.0463 2840	sffp_mmc - ok
22:45:24.0463 2840	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:45:24.0494 2840	sffp_sd - ok
22:45:24.0494 2840	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:45:24.0541 2840	sfloppy - ok
22:45:24.0572 2840	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:45:24.0619 2840	SharedAccess - ok
22:45:24.0666 2840	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:45:24.0697 2840	ShellHWDetection - ok
22:45:24.0728 2840	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:45:24.0744 2840	sisagp - ok
22:45:24.0759 2840	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:45:24.0775 2840	SiSRaid2 - ok
22:45:24.0791 2840	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:45:24.0806 2840	SiSRaid4 - ok
22:45:25.0134 2840	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:45:25.0259 2840	slsvc - ok
22:45:25.0399 2840	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:45:25.0430 2840	SLUINotify - ok
22:45:25.0446 2840	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:45:25.0477 2840	Smb - ok
22:45:25.0493 2840	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:45:25.0524 2840	SNMPTRAP - ok
22:45:25.0539 2840	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:45:25.0555 2840	spldr - ok
22:45:25.0586 2840	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:45:25.0617 2840	Spooler - ok
22:45:25.0664 2840	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:45:25.0695 2840	srv - ok
22:45:25.0711 2840	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:45:25.0742 2840	srv2 - ok
22:45:25.0773 2840	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:45:25.0789 2840	srvnet - ok
22:45:25.0820 2840	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:45:25.0851 2840	SSDPSRV - ok
22:45:25.0898 2840	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:45:25.0914 2840	SstpSvc - ok
22:45:25.0945 2840	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:45:25.0976 2840	stisvc - ok
22:45:25.0992 2840	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:45:26.0007 2840	swenum - ok
22:45:26.0039 2840	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:45:26.0054 2840	swprv - ok
22:45:26.0070 2840	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:45:26.0085 2840	Symc8xx - ok
22:45:26.0101 2840	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:45:26.0117 2840	Sym_hi - ok
22:45:26.0117 2840	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:45:26.0132 2840	Sym_u3 - ok
22:45:26.0195 2840	SynTP           (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
22:45:26.0210 2840	SynTP - ok
22:45:26.0257 2840	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:45:26.0273 2840	SysMain - ok
22:45:26.0304 2840	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:45:26.0319 2840	TabletInputService - ok
22:45:26.0351 2840	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:45:26.0366 2840	TapiSrv - ok
22:45:26.0382 2840	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:45:26.0413 2840	TBS - ok
22:45:26.0491 2840	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
22:45:26.0522 2840	Tcpip - ok
22:45:26.0538 2840	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
22:45:26.0553 2840	Tcpip6 - ok
22:45:26.0585 2840	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:45:26.0600 2840	tcpipreg - ok
22:45:26.0631 2840	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:45:26.0647 2840	TDPIPE - ok
22:45:26.0663 2840	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:45:26.0694 2840	TDTCP - ok
22:45:26.0709 2840	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:45:26.0725 2840	tdx - ok
22:45:26.0741 2840	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:45:26.0756 2840	TermDD - ok
22:45:26.0803 2840	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:45:26.0819 2840	TermService - ok
22:45:26.0850 2840	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:45:26.0865 2840	Themes - ok
22:45:26.0881 2840	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:45:26.0912 2840	THREADORDER - ok
22:45:26.0943 2840	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:45:26.0959 2840	TrkWks - ok
22:45:26.0990 2840	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:45:27.0006 2840	TrustedInstaller - ok
22:45:27.0037 2840	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:45:27.0068 2840	tssecsrv - ok
22:45:27.0084 2840	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:45:27.0099 2840	tunnel - ok
22:45:27.0131 2840	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:45:27.0131 2840	uagp35 - ok
22:45:27.0193 2840	UBHelper        (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
22:45:27.0209 2840	UBHelper - ok
22:45:27.0240 2840	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:45:27.0271 2840	udfs - ok
22:45:27.0287 2840	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:45:27.0318 2840	UI0Detect - ok
22:45:27.0349 2840	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:45:27.0365 2840	uliagpkx - ok
22:45:27.0396 2840	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:45:27.0411 2840	uliahci - ok
22:45:27.0427 2840	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:45:27.0443 2840	UlSata - ok
22:45:27.0474 2840	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:45:27.0489 2840	ulsata2 - ok
22:45:27.0505 2840	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:45:27.0521 2840	umbus - ok
22:45:27.0552 2840	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:45:27.0583 2840	upnphost - ok
22:45:27.0614 2840	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:45:27.0630 2840	usbccgp - ok
22:45:27.0645 2840	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:45:27.0692 2840	usbcir - ok
22:45:27.0755 2840	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:45:27.0770 2840	usbehci - ok
22:45:27.0786 2840	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:45:27.0817 2840	usbhub - ok
22:45:27.0833 2840	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:45:27.0879 2840	usbohci - ok
22:45:27.0911 2840	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:45:27.0942 2840	usbprint - ok
22:45:27.0973 2840	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:45:27.0989 2840	USBSTOR - ok
22:45:28.0004 2840	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:45:28.0020 2840	usbuhci - ok
22:45:28.0035 2840	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:45:28.0067 2840	usbvideo - ok
22:45:28.0098 2840	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:45:28.0113 2840	UxSms - ok
22:45:28.0160 2840	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:45:28.0191 2840	vds - ok
22:45:28.0223 2840	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:45:28.0238 2840	vga - ok
22:45:28.0254 2840	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:45:28.0285 2840	VgaSave - ok
22:45:28.0301 2840	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:45:28.0301 2840	viaagp - ok
22:45:28.0332 2840	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:45:28.0347 2840	ViaC7 - ok
22:45:28.0379 2840	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:45:28.0394 2840	viaide - ok
22:45:28.0410 2840	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:45:28.0425 2840	volmgr - ok
22:45:28.0472 2840	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:45:28.0488 2840	volmgrx - ok
22:45:28.0503 2840	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:45:28.0519 2840	volsnap - ok
22:45:28.0581 2840	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:45:28.0597 2840	vsmraid - ok
22:45:28.0691 2840	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:45:28.0753 2840	VSS - ok
22:45:28.0784 2840	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:45:28.0800 2840	W32Time - ok
22:45:28.0878 2840	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:45:28.0925 2840	WacomPen - ok
22:45:28.0956 2840	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:28.0971 2840	Wanarp - ok
22:45:28.0987 2840	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:29.0003 2840	Wanarpv6 - ok
22:45:29.0065 2840	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:45:29.0096 2840	wcncsvc - ok
22:45:29.0127 2840	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:45:29.0174 2840	WcsPlugInService - ok
22:45:29.0190 2840	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:45:29.0205 2840	Wd - ok
22:45:29.0268 2840	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:45:29.0299 2840	Wdf01000 - ok
22:45:29.0315 2840	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:45:29.0346 2840	WdiServiceHost - ok
22:45:29.0346 2840	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:45:29.0377 2840	WdiSystemHost - ok
22:45:29.0408 2840	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:45:29.0424 2840	WebClient - ok
22:45:29.0471 2840	Wecsvc          (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
22:45:29.0486 2840	Wecsvc - ok
22:45:29.0502 2840	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:45:29.0517 2840	wercplsupport - ok
22:45:29.0549 2840	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:45:29.0580 2840	WerSvc - ok
22:45:29.0627 2840	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:45:29.0658 2840	winachsf - ok
22:45:29.0736 2840	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:45:29.0751 2840	WinDefend - ok
22:45:29.0751 2840	WinHttpAutoProxySvc - ok
22:45:29.0814 2840	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:45:29.0829 2840	Winmgmt - ok
22:45:29.0876 2840	WinRM           (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
22:45:29.0923 2840	WinRM - ok
22:45:29.0954 2840	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:45:30.0001 2840	Wlansvc - ok
22:45:30.0063 2840	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:45:30.0079 2840	WmiAcpi - ok
22:45:30.0141 2840	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:45:30.0157 2840	wmiApSrv - ok
22:45:30.0282 2840	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:45:30.0344 2840	WMPNetworkSvc - ok
22:45:30.0391 2840	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:45:30.0422 2840	WPCSvc - ok
22:45:30.0438 2840	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
22:45:30.0453 2840	WPDBusEnum - ok
22:45:30.0516 2840	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:45:30.0547 2840	ws2ifsl - ok
22:45:30.0563 2840	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
22:45:30.0578 2840	wscsvc - ok
22:45:30.0594 2840	WSearch - ok
22:45:30.0687 2840	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:45:30.0750 2840	wuauserv - ok
22:45:30.0890 2840	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:45:30.0937 2840	WUDFRd - ok
22:45:30.0968 2840	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:45:31.0015 2840	wudfsvc - ok
22:45:31.0062 2840	MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
22:45:31.0358 2840	\Device\Harddisk0\DR0 - ok
22:45:31.0358 2840	Boot (0x1200)   (b82810ea05973f2aade2d107958e1e7e) \Device\Harddisk0\DR0\Partition0
22:45:31.0358 2840	\Device\Harddisk0\DR0\Partition0 - ok
22:45:31.0358 2840	============================================================
22:45:31.0358 2840	Scan finished
22:45:31.0358 2840	============================================================
22:45:31.0374 3068	Detected object count: 3
22:45:31.0374 3068	Actual detected object count: 3
22:45:51.0389 3068	ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:51.0389 3068	ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:51.0389 3068	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:51.0389 3068	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:51.0404 3068	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:51.0404 3068	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:46:02.0589 3780	Deinitialize success

Vielen Dank für die Hilfe und Geduld. Hätte mir es leichter vorgestellt.

31.07.2012, 20:18	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	win32/mebroot Trojaner im Arbeitsspeicher Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

win32/mebroot Trojaner im Arbeitsspeicher

Log-Analyse und Auswertung: win32/mebroot Trojaner im Arbeitsspeicher