Pests of all kinds and how to fight them: Trojans and viruses found during Avira scan and put in quarantine (Windows 7)
15.10.2012, 13:25 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans and viruses found during Avira scan and put in quarantine

Quote:
Please make a new OTL log. Please post everything in CODE tags here if at all possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
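As an added example (my own code, not OTL's and not from this thread), a small Python parser for the OTL log format the helper asks for above. It turns the PRC, SRV, DRV, MOD and O4 lines into records and flags what an analyst reads first: entries whose file no longer exists, executables started from a temporary folder, and processes, services or drivers with no company name in their version info. The regexes are assumptions derived from the shape of the lines in the posted log, and the sample lines are copied from that log.

```python
"""Parser and first-pass triage for OTL log entries.

Added example for this thread; not part of OTL or of the forum posts.
The SAMPLE_LOG lines below are copied from the log posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# PRC/SRV/DRV/MOD entries, e.g.
#   PRC - [date time | size | attrs | M] (Company) -- C:\path\file.exe
#   SRV - [...] (Company) [Auto | Running] -- C:\path\svc.exe -- (ServiceName)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\x.sys -- (x)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
# O4 autostart entries, e.g.  O4 - HKLM..\Run: [avgnt] C:\path\avgnt.exe (Company)
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
MISSING = "File not found"
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")   # lower-cased path fragments


@dataclass
class Entry:
    kind: str                 # PRC, SRV, DRV, MOD or O4
    path: str
    company: Optional[str]    # "" = no company name in version info; None = unknown
    missing: bool             # OTL reported "File not found"
    name: Optional[str] = None
    state: Optional[str] = None
    size: Optional[int] = None


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL line into an Entry; None for line types not modelled here."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        size = None
        if m.group("stamp"):
            fields = [f.strip() for f in m.group("stamp").split("|")]
            size = int(fields[1].replace(",", ""))   # "000,602,112" -> 602112
        return Entry(m.group("kind"), m.group("path"), m.group("company"),
                     m.group("missing") is not None, m.group("name"),
                     m.group("state"), size)
    m = RUN_RE.match(line)
    if m:
        rest = m.group("rest")
        path, company, missing = rest, None, False
        if rest.endswith(MISSING):
            path, missing = rest[: -len(MISSING)].strip(), True
        else:
            t = TAIL_RE.match(rest)
            if t:
                path, company = t.group("path"), t.group("company")
        return Entry("O4", path, company, missing, m.group("name"))
    return None


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag the entries an analyst reads first when reviewing an OTL log."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.missing:
            findings.append(Finding(e, "file not found: orphaned service, driver or autostart entry"))
        elif e.kind in ("PRC", "O4") and any(t in low for t in TEMP_MARKERS):
            findings.append(Finding(e, "executable running or starting from a temporary directory"))
        elif e.kind in ("PRC", "SRV", "DRV") and e.company == "":
            # MOD entries are skipped here: .NET native images under
            # C:\Windows\assembly legitimately carry no company name.
            findings.append(Finding(e, "no company name in version info"))
    return findings


def triage_log(text: str) -> List[Finding]:
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]
    return triage(entries)


# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012.10.15 20:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe
PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.kind:3} {f.reason:62} {f.entry.path}")
```

Orphaned entries are usually leftovers of uninstalled software (here the Symantec service), so the list is a reading order for the analyst, not a verdict.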
15.10.2012, 20:30 | #17
Trojans and viruses found during Avira scan and put in quarantine

So, I have now done the scan; here is the log file:

__________________
OTL Logfile:
Code:
OTL logfile created on: 15.10.2012 21:01:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Resi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1013,27 Mb Total Physical Memory | 288,41 Mb Available Physical Memory | 28,46% Memory free
2,23 Gb Paging File | 0,99 Gb Available in Paging File | 44,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 14,07 Gb Free Space | 27,51% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.15 20:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.05.10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.10.06 04:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.10 22:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.10 22:17:01 | 000,000,000 | ---D | M]

[2012.10.10 22:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.06 05:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.06 05:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 05:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 05:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 05:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000..\Run: [Acer Tour Reminder] File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.13 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.13 20:42:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe
[2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- \Config.Msi
[2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.02 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.15 20:20:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 20:07:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 20:05:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.10.15 20:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 18:09:03 | 000,538,941 | ---- | M] () -- C:\Users\Resi\Desktop\adwcleaner.exe
[2012.10.13 20:42:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe
[2012.10.12 17:55:26 | 000,000,680 | ---- | M] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 22:09:52 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.14 18:08:17 | 000,538,941 | ---- | C] () -- C:\Users\Resi\Desktop\adwcleaner.exe
[2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe
[2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr
[2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente [2008.10.19 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2 [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2009.06.13 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\IM [2009.06.13 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\IncrediMail [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\m2backup [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\mquadr.at [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü [2008.10.19 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen [2009.05.29 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch [2007.07.27 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007.11.30 12:36:49 | 000,000,000 | -H-D | M] 
-- C:\Users\All Users\{D6B1976C-D59B-4881-8378-7F29FE0A2822} [2007.11.30 12:35:12 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E16513F0-65F3-4AB4-86DD-35C7C409A265} [2007.11.30 12:35:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E8A874E7-129E-4647-B8C1-46227F252D4F} [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten [2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo 
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen [2012.10.11 22:35:20 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2010.05.20 21:49:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Anwendungsdaten [2007.11.20 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Resi\AppData [2012.10.10 14:26:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Contacts [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Cookies [2012.10.14 18:08:27 | 000,000,000 | R--D | M] -- C:\Users\Resi\Desktop [2012.10.11 22:01:55 | 000,000,000 | R--D | M] -- C:\Users\Resi\Documents [2012.10.15 20:22:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Downloads [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Druckumgebung [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Eigene Dateien [2010.11.24 16:59:22 | 000,000,000 | R--D | M] -- C:\Users\Resi\Favorites [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Links [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Lokale Einstellungen [2008.05.22 20:17:57 | 000,000,000 | R--D | M] -- C:\Users\Resi\Music [2007.11.20 23:47:37 | 000,000,000 | -HSD | 
M] -- C:\Users\Resi\Netzwerkumgebung [2012.04.17 09:38:00 | 000,000,000 | R--D | M] -- C:\Users\Resi\Pictures [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Recent [2007.11.20 18:03:39 | 000,000,000 | R--D | M] -- C:\Users\Resi\Saved Games [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Searches [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\SendTo [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Startmenü [2007.11.20 23:48:16 | 000,000,000 | R--D | M] -- C:\Users\Resi\Videos [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Vorlagen ========== Purity Check ========== ========== Custom Scans ========== < OTL logfile created on: 15.10.2012 20:26:29 - Run 2 > [2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 15:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.01.03 23:09:04 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.01.03 23:09:08 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.06.18 10:39:53 | 000,000,974 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job < OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Resi\Downloads > < Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation > < Internet Explorer (Version = 7.0.6001.18000) > < Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy > < > < 1013,27 Mb Total Physical Memory | 294,36 Mb Available Physical Memory | 29,05% Memory free > < 2,23 Gb Paging File | 0,95 Gb Available in Paging File | 42,49% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 51,14 Gb Total Space | 14,07 Gb Free Space | 27,51% Space Free | Partition Type: NTFS > < Drive D: | 50,89 Gb Total Space | 50,80 Gb Free 
Space | 99,82% Space Free | Partition Type: NTFS > < > < Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: All users | Quick Scan > < Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Processes (SafeList) ========== > Invalid Switch: color] < > < PRC - [2012.10.15 20:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe > < PRC - [2012.10.06 04:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe > < PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe > < PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe > < PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe > < PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe > < PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe > < PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe > < PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe > < PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe > < PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe > < PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe > < PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe > < PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe > < PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe > < PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe > < PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe > < PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe > < PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe > < PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe > < PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe > < PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe > < PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe > < PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe > < PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe > < PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe > < PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe > < PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe > < PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe > < PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe > < > < > < ========== Modules (No Company Name) ========== > Invalid Switch: color] < > < MOD - [2012.10.06 04:14:14 | 002,294,240 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll > < MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll > < MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll > < MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll > < MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll > < MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll > < MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll > < MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll > < MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll > < MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll > < MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll > < MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll > < MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll > < MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll > < MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll > < MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering 
Technology\eSettings\eSettings.Presenter.dll > < MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll > < MOD - [2007.05.10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll > < MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll > < MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll > < MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll > < MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll > < MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll > < MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll > < MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll > < MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll > < MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll > < MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll > < MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll > < MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll > < > < > < ========== Services (SafeList) ========== > Invalid Switch: color] < > < SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) > Invalid Switch: h 
ccCommon -- (CLTNetCnService) < SRV - [2012.10.06 04:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) > < SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) > < SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) > < SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) > < SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) > < SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) > < SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) > < SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) > < SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) > < SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) > < SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) > < SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) > < SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) > < SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) > < SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) > < SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) > < SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) > < SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) > < SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) > < SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) > < > < > < ========== Driver Services (SafeList) ========== > Invalid Switch: color] < > < DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) > < DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) > < DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) > < DRV - File not found [Kernel | Disabled | Stopped] -- 
C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) > < DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) > < DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) > < DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) > < DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) > < DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) > < DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) > < DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) > < DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) > < DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) > < DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) > < DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) > < DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) > < > < > < ========== Standard Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== Internet Explorer ========== > Invalid Switch: color] < > < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com > Invalid Switch: de.intl.acer.yahoo.com < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm > < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com > Invalid Switch: de.intl.acer.yahoo.com < IE - HKLM\..\SearchScopes,DefaultScope = > < > < > < IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = > < IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = > < IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = > < > < IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = > < > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at > Invalid Switch: search.aon.at < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 > Invalid Switch: search?p={searchTerms}&ei=utf-8&fr=b1ie7 < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com > Invalid Switch: www.google.com < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes,DefaultScope = > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : > < > < > < ========== FireFox ========== > Invalid Switch: color] < > < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () > Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () < FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) > Invalid Switch: ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
< FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) > Invalid Switch: GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) < FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) > Invalid Switch: DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) > Invalid Switch: JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) < FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) > Invalid Switch: WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) < FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) > Invalid Switch: Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
< > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.10 22:09:45 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.10 22:17:01 | 000,000,000 | ---D | M] > < > < [2012.10.10 22:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions > < [2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll > < [2012.10.06 05:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml > < [2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml > < [2012.10.06 05:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml > < [2012.10.06 05:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml > < [2012.10.06 05:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml > < [2012.10.06 05:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml > < > < O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts > < O1 - Hosts: 127.0.0.1 localhost > < O1 - Hosts: ::1 localhost > < O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
> < O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) > < O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll () > < O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) > < O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) > < O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) > < O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) > < O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) > < O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) > < O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) > < O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) > < O4 - HKLM..\Run: [] File not found > < O4 - HKLM..\Run: [Acer Tour] File not found > < O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) 
> < O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found > < O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) > < O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) > < O4 - HKLM..\Run: [eRecoveryService] File not found > < O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) > < O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) > < O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) > < O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) > < O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found > < O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) > < O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) > < O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) > < O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) > < O4 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000..\Run: [Acer Tour Reminder] File not found > < O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) > < O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) > < O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) > < O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) > < O10 - 
Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) > < O13 - gopher Prefix: missing > < O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) > Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) 
< O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) > Invalid Switch: jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) < O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) > Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2) > Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2) < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251 > < O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) > < O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) > < O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) > < O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) > Invalid Switch: xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) < O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) > < O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) > < O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) > < O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg > < O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg > < O32 - HKLM CDRom: AutoRun - 1 > < O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] > < O34 - HKLM BootExecute: (autocheck autochk *) > < O35 - HKLM\..comfile [open] -- "%1" %* > < O35 - HKLM\..exefile [open] -- "%1" %* > < O37 - HKLM\...com [@ = comfile] -- "%1" %* > < O37 - HKLM\...exe [@ = exefile] -- "%1" %* > < O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) > < O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) > < > < ========== Files/Folders - Created Within 30 Days ========== > Invalid Switch: color] < > < [2012.10.13 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET > < [2012.10.13 20:42:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe > < [2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi > < [2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- \Config.Msi > < [2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware > < [2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes > < [2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys > < [2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware > < [2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service > < [2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla > < [2012.10.02 16:31:12 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira > < [2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys > < [2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys > < [2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys > < [2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira > < [2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira > < [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] > < [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] > < > < ========== Files - Modified Within 30 Days ========== > Invalid Switch: color] < > < [2012.10.15 20:20:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job > < [2012.10.15 20:07:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job > < [2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 > < [2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 > < [2012.10.15 20:05:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl > < [2012.10.15 20:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat > < [2012.10.14 18:09:03 | 000,538,941 | ---- | M] () -- C:\Users\Resi\Desktop\adwcleaner.exe > < [2012.10.13 20:42:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe > < [2012.10.12 17:55:26 | 000,000,680 | ---- | M] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat > < [2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk > < [2012.10.10 22:09:52 | 000,000,850 | ---- 
| M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk > < [2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job > < [2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk > < [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys > < [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys > < [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] > < [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2012.10.14 18:08:17 | 000,538,941 | ---- | C] () -- C:\Users\Resi\Desktop\adwcleaner.exe > < [2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk > < [2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk > < [2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk > < [2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat > < [2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < [2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat > < [2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe > < [2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr > < [2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK > < [2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss > < [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat > < [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys > < > < ========== ZeroAccess Check ========== > Invalid Switch: color] < > < [2006.11.02 
14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Apartment > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] > < "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Free > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] > < "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Both > < > < ========== LOP Check ========== > Invalid Switch: color] < > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente > < [2008.10.19 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2 > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites > < [2009.06.13 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\IM > < [2009.06.13 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\IncrediMail > < [2007.11.30 12:36:56 | 000,000,000 | 
---D | M] -- C:\Users\All Users\m2backup > < [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\mquadr.at > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü > < [2008.10.19 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP > < [2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen > < [2009.05.29 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch > < [2007.07.27 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} > < [2007.11.30 12:36:49 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{D6B1976C-D59B-4881-8378-7F29FE0A2822} > < [2007.11.30 12:35:12 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E16513F0-65F3-4AB4-86DD-35C7C409A265} > < [2007.11.30 12:35:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E8A874E7-129E-4647-B8C1-46227F252D4F} > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten > < [2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop > < [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links > < [2006.11.02 15:02:03 | 
000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent > < [2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü > < [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates > < [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos > < [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen > < [2012.10.11 22:35:20 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop > < [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents > < [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads > < [2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites > < [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music > < [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures > < [2010.05.20 21:49:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV > < [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Anwendungsdaten > 
< [2007.11.20 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Resi\AppData > < [2012.10.10 14:26:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Contacts > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Cookies > < [2012.10.14 18:08:27 | 000,000,000 | R--D | M] -- C:\Users\Resi\Desktop > < [2012.10.11 22:01:55 | 000,000,000 | R--D | M] -- C:\Users\Resi\Documents > < [2012.10.15 20:22:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Downloads > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Druckumgebung > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Eigene Dateien > < [2010.11.24 16:59:22 | 000,000,000 | R--D | M] -- C:\Users\Resi\Favorites > < [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Links > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Lokale Einstellungen > < [2008.05.22 20:17:57 | 000,000,000 | R--D | M] -- C:\Users\Resi\Music > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Netzwerkumgebung > < [2012.04.17 09:38:00 | 000,000,000 | R--D | M] -- C:\Users\Resi\Pictures > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Recent > < [2007.11.20 18:03:39 | 000,000,000 | R--D | M] -- C:\Users\Resi\Saved Games > < [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Searches > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\SendTo > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Startmenü > < [2007.11.20 23:48:16 | 000,000,000 | R--D | M] -- C:\Users\Resi\Videos > < [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Vorlagen > < > < ========== Purity Check ========== > Invalid Switch: color] < > < > < > < ========== Alternate Data Streams ========== > Invalid Switch: color] < > < @Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty > < @Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty > < @Alternate 
Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D > < @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D > < @Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty > < > < < End of report > --- --- --- > ========== Alternate Data Streams ========== @Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty @Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty @Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty < End of report > [/code] What is the next step? |
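The log above is raw OTL output, and its entry shapes are regular enough to parse. As an added example (not part of the thread and not OTL's own code), the following Python reads the shapes visible in the posted log and lists the lines a helper would look at first: services, drivers and Run values whose file no longer exists (cleanup candidates), processes started from a user-writable directory such as AppData\Local\Temp, entries without a company name, the AppInit_DLLs hook, and alternate data streams. The sample lines are taken from the posted log; the severity labels and the list of suspect directories are this example's own assumptions.

```python
"""Triage of OTL (OldTimer's OTL) log lines.

Added example: not part of the thread and not OTL's own code.  It parses
the entry shapes visible in the posted log and returns the lines a helper
would look at first.  The sample lines are taken from the thread's log;
the severity labels and the suspect-directory list are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry shapes as they appear in the posted OTL log.
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
MISSING_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?)(?: -- \([^)]*\))?$"
)
RUN_KEY = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$"
)
TARGET = re.compile(r"^(?P<path>.*?)(?: \((?P<company>[^)]*)\))?$")
APPINIT = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<dll>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Directories a persistent process should not normally be started from
# (assumption of this example; compared case-insensitively).
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    severity: str  # "cleanup": dangling reference; "check": needs a closer look
    reason: str
    path: str


def _in_suspect_dir(path: str) -> bool:
    lowered = path.lower()
    return any(d in lowered for d in SUSPECT_DIRS)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None means nothing stands out."""
    line = line.strip()
    m = MISSING_ENTRY.match(line)
    if m:
        return Finding("cleanup", f"{m['kind']} registered but file missing", m["path"])
    m = FILE_ENTRY.match(line)
    if m:
        if _in_suspect_dir(m["path"]):
            return Finding("check", f"{m['kind']} runs from a user-writable directory", m["path"])
        if m["company"] == "" and m["kind"] != "MOD":
            return Finding("check", f"{m['kind']} has no company name, verify its hash", m["path"])
        return None
    m = RUN_KEY.match(line)
    if m:
        target = m["target"]
        if target.endswith("File not found"):
            path = target[: -len("File not found")].strip() or "(no path)"
            return Finding("cleanup", f"Run value [{m['name']}] points to a missing file", path)
        t = TARGET.match(target)
        if _in_suspect_dir(t["path"]):
            return Finding("check", f"Run value [{m['name']}] starts from a user-writable directory", t["path"])
        if not t["company"]:
            return Finding("check", f"Run value [{m['name']}] has no company name", t["path"])
        return None
    m = APPINIT.match(line)
    if m:
        return Finding("check", f"AppInit_DLLs loads {m['dll']} into every process that maps user32.dll", m["path"])
    m = ADS.match(line)
    if m:
        return Finding("check", f"alternate data stream of {m['size']} bytes", m["path"])
    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Sample lines from the posted log (reduced to the shapes of interest).
SAMPLE_LINES = [
    r"PRC - [2012.10.16 21:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe",
    r"PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe",
    r"SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)",
    r"SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)",
    r"O4 - HKLM..\Run: [Acer Tour] File not found",
    r"O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)",
    r"@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.severity:8} {f.reason}: {f.path}")
```

A "cleanup" finding is a dangling reference that a fix script can remove; a "check" finding only says the entry deserves a look (a known vendor file running from Temp, as in this log, may be harmless, but the location is where malware usually lands), so verify the file before acting on it.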
15.10.2012, 20:33 | #18 |
| Trojans and viruses found in Avira scan and placed in quarantine I deleted the 2nd entry
__________________Edited by anita_kitz (15.10.2012 at 20:36) Reason: posted twice |
16.10.2012, 15:11 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans and viruses found in Avira scan and placed in quarantine You did the CustomScan wrong. Please read my instructions properly and work more carefully when copying and pasting - only what is in the CODE box in the CustomScan instructions may be pasted into OTL when you need to create a CustomScan log!
__________________ Please always post logfiles in CODE tags |
16.10.2012, 21:18 | #20 |
| Trojans and viruses found in Avira scan and placed in quarantine So I tried it again. I copied the text and pasted it under custom scan/fixes. I selected scan all users and closed all programs. Then I clicked Quick Scan. However, I no longer had to confirm with OK; it started scanning right away. Here is the log. OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.10.2012 21:38:20 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Resi\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1013,27 Mb Total Physical Memory | 317,31 Mb Available Physical Memory | 31,32% Memory free 2,23 Gb Paging File | 1,02 Gb Available in Paging File | 45,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 51,14 Gb Total Space | 13,50 Gb Free Space | 26,40% Space Free | Partition Type: NTFS Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.16 21:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll MOD - [2007.05.10 14:05:14 | 000,983,040 | 
---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012.10.15 22:05:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira 
Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) 
[Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.15 22:05:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.15 22:05:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.15 22:05:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.15 22:05:24 | 000,000,000 | ---D | M] [2012.10.15 22:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.15 22:05:47 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.15 22:05:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.15 22:05:40 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.15 22:05:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.15 22:05:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.15 22:05:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.15 22:05:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! 
Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) 
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000..\Run: [Acer Tour Reminder] File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira 
Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM 
CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: 
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" 
OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: vidc.cvid - 
C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.15 22:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.13 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.13 20:42:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe [2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- \Config.Msi [2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.10.02 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.16 21:27:54 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.16 21:06:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.16 21:03:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.16 21:03:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.16 21:03:13 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.10.16 21:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.14 18:09:03 | 000,538,941 | ---- | M] () -- C:\Users\Resi\Desktop\adwcleaner.exe [2012.10.13 20:42:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe [2012.10.12 17:55:26 | 000,000,680 | ---- | M] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat [2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.10 22:09:52 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.14 18:08:17 | 000,538,941 | ---- | C] () -- C:\Users\Resi\Desktop\adwcleaner.exe [2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat [2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe [2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr [2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK [2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] 
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente [2008.10.19 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2 [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2009.06.13 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\IM [2009.06.13 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\IncrediMail [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\m2backup [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\mquadr.at [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü [2008.10.19 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen [2009.05.29 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch [2007.07.27 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007.11.30 12:36:49 | 000,000,000 | -H-D | M] 
-- C:\Users\All Users\{D6B1976C-D59B-4881-8378-7F29FE0A2822} [2007.11.30 12:35:12 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E16513F0-65F3-4AB4-86DD-35C7C409A265} [2007.11.30 12:35:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E8A874E7-129E-4647-B8C1-46227F252D4F} [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten [2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo 
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen [2012.10.11 22:35:20 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2010.05.20 21:49:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Anwendungsdaten [2007.11.20 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Resi\AppData [2012.10.10 14:26:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Contacts [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Cookies [2012.10.14 18:08:27 | 000,000,000 | R--D | M] -- C:\Users\Resi\Desktop [2012.10.11 22:01:55 | 000,000,000 | R--D | M] -- C:\Users\Resi\Documents [2012.10.16 21:37:10 | 000,000,000 | R--D | M] -- C:\Users\Resi\Downloads [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Druckumgebung [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Eigene Dateien [2010.11.24 16:59:22 | 000,000,000 | R--D | M] -- C:\Users\Resi\Favorites [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Links [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Lokale Einstellungen [2008.05.22 20:17:57 | 000,000,000 | R--D | M] -- C:\Users\Resi\Music [2007.11.20 23:47:37 | 000,000,000 | -HSD | 
M] -- C:\Users\Resi\Netzwerkumgebung [2012.04.17 09:38:00 | 000,000,000 | R--D | M] -- C:\Users\Resi\Pictures [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Recent [2007.11.20 18:03:39 | 000,000,000 | R--D | M] -- C:\Users\Resi\Saved Games [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Searches [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\SendTo [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Startmenü [2007.11.20 23:48:16 | 000,000,000 | R--D | M] -- C:\Users\Resi\Videos [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Vorlagen ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.04.24 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Adobe [2012.10.02 16:37:25 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Avira [2007.11.30 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\BearShare [2007.11.20 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\CyberLink [2008.04.24 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Google [2007.11.20 23:48:07 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Identities [2010.02.11 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Kodak [2007.11.20 23:47:40 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Macromedia [2012.10.10 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Media Center Programs [2010.11.30 20:01:03 | 000,000,000 | --SD | M] -- C:\Users\Resi\AppData\Roaming\Microsoft [2009.03.12 20:02:37 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Mozilla [2007.11.30 12:37:05 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\mquadr.at [2011.08.12 08:51:07 | 
000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Skype [2011.08.12 08:40:28 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\skypePM [2008.02.07 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Sun < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > [2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 
09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.13 22:15:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.13 22:15:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.13 22:14:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: ENETHOOK.DLL > [2007.05.22 15:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Acer\Empowering Technology\eNet\eNetHook.dll [2007.05.22 15:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Windows\System32\eNetHook.dll < MD5 for: IASTOR.SYS > [2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\drivers\iaStor.sys [2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- 
C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c5f2dca\iaStor.sys [2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4b499ec9\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 
000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.07.27 18:41:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- 
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.07.27 18:41:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 
| ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav 
> [2007.07.28 02:32:39 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.07.28 02:32:37 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.07.28 02:32:39 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.07.28 02:32:49 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.07.28 02:32:51 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty @Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty @Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty < End of report > I hope it's right now. Otherwise I don't know what I could do differently. Thanks |
17.10.2012, 14:04 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans and viruses found during Avira scan and placed in quarantine Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://search.aon.at IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Tour] File not found @Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D :Files C:\Programme\BearShare Applications\BearShare MediaBar ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts] The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ --> Trojans and viruses found during Avira scan and placed in quarantine |
17.10.2012, 15:58 | #22 |
| Trojans and viruses found during Avira scan and placed in quarantine Hello cosinus. I've done that now. This is the log: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found. Registry value HKEY_USERS\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ deleted successfully. C:\Windows\System32\eDStoolbar.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ deleted successfully. C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found. File C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully. ADS C:\Users\All Users\TEMP:E1F04E8D deleted successfully. Unable to delete ADS C:\ProgramData\TEMP:E1F04E8D . 
========== FILES ========== C:\Programme\BearShare Applications\BearShare MediaBar folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Resi\Downloads\cmd.bat deleted successfully. C:\Users\Resi\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Resi ->Temp folder emptied: 7212010 bytes ->Temporary Internet Files folder emptied: 1072221111 bytes ->Java cache emptied: 132814 bytes ->FireFox cache emptied: 49190314 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 141848 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 418984637 bytes RecycleBin emptied: 97017613 bytes Total Files Cleaned = 1.569,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 10172012_163056 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Thanks Anita |
17.10.2012, 16:16 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans and viruses found during Avira scan and placed in quarantine Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you can't find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
17.10.2012, 16:38 | #24 |
| Trojans and viruses found during Avira scan and placed in quarantine Here is the log: Code:
ATTFilter 17:31:13.0204 5716 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 17:31:13.0641 5716 ============================================================ 17:31:13.0641 5716 Current date / time: 2012/10/17 17:31:13.0641 17:31:13.0641 5716 SystemInfo: 17:31:13.0641 5716 17:31:13.0641 5716 OS Version: 6.0.6001 ServicePack: 1.0 17:31:13.0641 5716 Product type: Workstation 17:31:13.0641 5716 ComputerName: RESI-PC 17:31:13.0641 5716 UserName: Resi 17:31:13.0641 5716 Windows directory: C:\Windows 17:31:13.0641 5716 System windows directory: C:\Windows 17:31:13.0641 5716 Processor architecture: Intel x86 17:31:13.0641 5716 Number of processors: 1 17:31:13.0641 5716 Page size: 0x1000 17:31:13.0641 5716 Boot type: Normal boot 17:31:13.0641 5716 ============================================================ 17:31:15.0810 5716 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:31:15.0810 5716 ============================================================ 17:31:15.0810 5716 \Device\Harddisk0\DR0: 17:31:15.0810 5716 MBR partitions: 17:31:15.0810 5716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x6649800 17:31:15.0810 5716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x79CE800, BlocksNum 0x65C5800 17:31:15.0810 5716 ============================================================ 17:31:15.0903 5716 C: <-> \Device\Harddisk0\DR0\Partition1 17:31:15.0966 5716 D: <-> \Device\Harddisk0\DR0\Partition2 17:31:15.0966 5716 ============================================================ 17:31:15.0966 5716 Initialize success 17:31:15.0966 5716 ============================================================ 17:33:06.0195 6072 ============================================================ 17:33:06.0195 6072 Scan started 17:33:06.0195 6072 Mode: Manual; SigCheck; TDLFS; 17:33:06.0195 6072 
ok 17:33:48.0861 6072 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 17:33:48.0892 6072 Sym_hi - ok 17:33:48.0924 6072 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 17:33:48.0939 6072 Sym_u3 - ok 17:33:49.0002 6072 [ 8A321F644C0F2D403B867481065E7EC2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 17:33:49.0033 6072 SynTP - ok 17:33:49.0189 6072 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 17:33:49.0314 6072 SysMain - ok 17:33:49.0376 6072 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:33:49.0438 6072 TabletInputService - ok 17:33:49.0501 6072 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 17:33:49.0579 6072 TapiSrv - ok 17:33:49.0626 6072 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 17:33:49.0688 6072 TBS - ok 17:33:49.0782 6072 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:33:49.0938 6072 Tcpip - ok 17:33:50.0016 6072 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 17:33:50.0156 6072 Tcpip6 - ok 17:33:50.0218 6072 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:33:50.0265 6072 tcpipreg - ok 17:33:50.0312 6072 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:33:50.0359 6072 TDPIPE - ok 17:33:50.0421 6072 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:33:50.0499 6072 TDTCP - ok 17:33:50.0546 6072 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:33:50.0593 6072 tdx - ok 17:33:50.0640 6072 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:33:50.0655 6072 TermDD - ok 17:33:50.0733 6072 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 17:33:50.0889 6072 TermService - ok 17:33:50.0983 6072 
[ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 17:33:51.0030 6072 Themes - ok 17:33:51.0092 6072 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 17:33:51.0186 6072 THREADORDER - ok 17:33:51.0248 6072 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 17:33:51.0342 6072 TrkWks - ok 17:33:51.0529 6072 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:33:51.0576 6072 TrustedInstaller - ok 17:33:51.0638 6072 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:33:51.0700 6072 tssecsrv - ok 17:33:51.0763 6072 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 17:33:51.0825 6072 tunmp - ok 17:33:51.0841 6072 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:33:51.0888 6072 tunnel - ok 17:33:51.0934 6072 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:33:51.0950 6072 uagp35 - ok 17:33:52.0028 6072 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:33:52.0090 6072 udfs - ok 17:33:52.0184 6072 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:33:52.0246 6072 UI0Detect - ok 17:33:52.0278 6072 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:33:52.0309 6072 uliagpkx - ok 17:33:52.0356 6072 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 17:33:52.0402 6072 uliahci - ok 17:33:52.0449 6072 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 17:33:52.0465 6072 UlSata - ok 17:33:52.0496 6072 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 17:33:52.0527 6072 ulsata2 - ok 17:33:52.0590 6072 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:33:52.0652 6072 umbus - ok 
17:33:52.0714 6072 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 17:33:52.0777 6072 upnphost - ok 17:33:52.0855 6072 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:33:52.0886 6072 usbccgp - ok 17:33:52.0917 6072 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:33:53.0026 6072 usbcir - ok 17:33:53.0104 6072 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:33:53.0182 6072 usbehci - ok 17:33:53.0245 6072 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:33:53.0292 6072 usbhub - ok 17:33:53.0323 6072 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:33:53.0432 6072 usbohci - ok 17:33:53.0479 6072 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 17:33:53.0572 6072 usbprint - ok 17:33:53.0635 6072 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:33:53.0713 6072 USBSTOR - ok 17:33:53.0760 6072 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:33:53.0806 6072 usbuhci - ok 17:33:53.0869 6072 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 17:33:53.0931 6072 UxSms - ok 17:33:53.0994 6072 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 17:33:54.0118 6072 vds - ok 17:33:54.0181 6072 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:33:54.0290 6072 vga - ok 17:33:54.0337 6072 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 17:33:54.0415 6072 VgaSave - ok 17:33:54.0446 6072 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:33:54.0477 6072 viaagp - ok 17:33:54.0508 6072 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 17:33:54.0618 6072 ViaC7 - ok 17:33:54.0649 6072 [ 
FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 17:33:54.0680 6072 viaide - ok 17:33:54.0711 6072 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:33:54.0742 6072 volmgr - ok 17:33:54.0789 6072 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:33:54.0820 6072 volmgrx - ok 17:33:54.0883 6072 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:33:54.0930 6072 volsnap - ok 17:33:54.0976 6072 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:33:55.0008 6072 vsmraid - ok 17:33:55.0086 6072 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 17:33:55.0273 6072 VSS - ok 17:33:55.0320 6072 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 17:33:55.0398 6072 W32Time - ok 17:33:55.0460 6072 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:33:55.0554 6072 WacomPen - ok 17:33:55.0616 6072 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 17:33:55.0663 6072 Wanarp - ok 17:33:55.0678 6072 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:33:55.0725 6072 Wanarpv6 - ok 17:33:55.0803 6072 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:33:55.0866 6072 wcncsvc - ok 17:33:55.0912 6072 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:33:55.0959 6072 WcsPlugInService - ok 17:33:55.0990 6072 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 17:33:56.0006 6072 Wd - ok 17:33:56.0178 6072 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:33:56.0427 6072 Wdf01000 - ok 17:33:56.0490 6072 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:33:56.0599 6072 WdiServiceHost - ok 
17:33:56.0630 6072 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:33:56.0770 6072 WdiSystemHost - ok 17:33:56.0817 6072 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 17:33:56.0880 6072 WebClient - ok 17:33:56.0926 6072 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:33:56.0989 6072 Wecsvc - ok 17:33:57.0067 6072 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:33:57.0114 6072 wercplsupport - ok 17:33:57.0145 6072 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 17:33:57.0223 6072 WerSvc - ok 17:33:57.0270 6072 [ C9C63410D8CF98F621B9CC62243FB877 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 17:33:57.0379 6072 winachsf - ok 17:33:57.0441 6072 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:33:57.0472 6072 WinDefend - ok 17:33:57.0504 6072 WinHttpAutoProxySvc - ok 17:33:57.0613 6072 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:33:57.0691 6072 Winmgmt - ok 17:33:57.0784 6072 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 17:33:57.0925 6072 WinRM - ok 17:33:58.0018 6072 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:33:58.0112 6072 Wlansvc - ok 17:33:58.0174 6072 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:33:58.0237 6072 WmiAcpi - ok 17:33:58.0299 6072 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:33:58.0362 6072 wmiApSrv - ok 17:33:58.0424 6072 [ EE80AC462A171DBF06EEB2058B5D3BC6 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 17:33:58.0471 6072 WMIService ( UnsignedFile.Multi.Generic ) - warning 17:33:58.0471 6072 WMIService - detected UnsignedFile.Multi.Generic (1) 17:33:58.0564 6072 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program 
Files\Windows Media Player\wmpnetwk.exe 17:33:58.0752 6072 WMPNetworkSvc - ok 17:33:58.0814 6072 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:33:58.0876 6072 WPCSvc - ok 17:33:58.0923 6072 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:33:58.0970 6072 WPDBusEnum - ok 17:33:59.0032 6072 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 17:33:59.0079 6072 WpdUsb - ok 17:33:59.0220 6072 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:33:59.0313 6072 WPFFontCache_v0400 - ok 17:33:59.0360 6072 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:33:59.0422 6072 ws2ifsl - ok 17:33:59.0485 6072 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 17:33:59.0500 6072 wscsvc - ok 17:33:59.0532 6072 WSearch - ok 17:33:59.0656 6072 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 17:33:59.0828 6072 wuauserv - ok 17:33:59.0875 6072 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:33:59.0937 6072 WUDFRd - ok 17:33:59.0984 6072 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:34:00.0046 6072 wudfsvc - ok 17:34:00.0078 6072 [ 2E579520E114A9CA309F13BF40AD8292 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 17:34:00.0140 6072 XAudio - ok 17:34:00.0202 6072 [ F82FC2C30A19442B95AE554215837C46 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 17:34:00.0296 6072 XAudioService - ok 17:34:00.0421 6072 [ 8098180B3F6C430A4E60333BC036F936 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 17:34:00.0436 6072 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 17:34:00.0468 6072 ================ Scan global =============================== 17:34:00.0514 6072 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] 
C:\Windows\system32\basesrv.dll 17:34:00.0577 6072 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 17:34:00.0624 6072 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 17:34:00.0686 6072 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 17:34:00.0702 6072 [Global] - ok 17:34:00.0702 6072 ================ Scan MBR ================================== 17:34:00.0764 6072 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0 17:34:06.0489 6072 \Device\Harddisk0\DR0 - ok 17:34:06.0505 6072 ================ Scan VBR ================================== 17:34:06.0505 6072 [ 948902500FAB6F7B4136A36B3A8328F4 ] \Device\Harddisk0\DR0\Partition1 17:34:06.0505 6072 \Device\Harddisk0\DR0\Partition1 - ok 17:34:06.0552 6072 [ 1E88FAB5E439DB35D96B2DEF1CAA456E ] \Device\Harddisk0\DR0\Partition2 17:34:06.0552 6072 \Device\Harddisk0\DR0\Partition2 - ok 17:34:06.0567 6072 ============================================================ 17:34:06.0567 6072 Scan finished 17:34:06.0567 6072 ============================================================ 17:34:06.0614 5956 Detected object count: 10 17:34:06.0614 5956 Actual detected object count: 10 17:36:33.0115 5956 ALaunchService ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0115 5956 ALaunchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0115 5956 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0115 5956 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0115 5956 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0115 5956 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0115 5956 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0115 5956 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0115 5956 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0115 5956 
eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0130 5956 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0130 5956 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0130 5956 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0130 5956 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0130 5956 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0130 5956 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0130 5956 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0130 5956 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:36:33.0130 5956 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user 17:36:33.0130 5956 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip thanks |
17.10.2012, 17:49 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans and viruses found by Avira scan and quarantined You don't need to ask how to proceed after every post; I'll see it once you've posted the log. Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when one of the board's experts (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages like Quote:
__________________ Please always post logfiles in CODE tags |
18.10.2012, 00:19 | #26 |
| Trojans and viruses found by Avira scan and quarantined Hello cosinus, here is the content of the log file: Combofix Logfile: Code:
ATTFilter ComboFix 12-10-17.05 - Resi 18.10.2012 0:44.1.1 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.1013.314 [GMT 2:00] ausgeführt von:: c:\users\Resi\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\msstdfmt.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-17 bis 2012-10-17 )))))))))))))))))))))))))))))) . . 2012-10-17 23:01 . 2012-10-17 23:01 -------- d-----w- c:\users\Resi\AppData\Local\temp 2012-10-17 23:01 . 2012-10-17 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-17 14:30 . 2012-10-17 14:30 -------- d-----w- C:\_OTL 2012-10-13 18:43 . 2012-10-13 18:43 -------- d-----w- c:\program files\ESET 2012-10-10 20:21 . 2012-10-10 20:21 -------- d-----w- c:\users\Resi\AppData\Roaming\Malwarebytes 2012-10-10 20:19 . 2012-10-10 20:19 -------- d-----w- c:\programdata\Malwarebytes 2012-10-10 20:19 . 2012-10-10 20:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-10 20:19 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-10 20:17 . 2012-10-10 20:14 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-10 20:16 . 2012-10-10 20:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-10 20:09 . 2012-10-17 14:12 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-10-02 14:37 . 2012-10-02 14:37 -------- d-----w- c:\users\Resi\AppData\Roaming\Avira 2012-10-02 14:28 . 2012-10-01 15:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-10-02 14:28 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-10-02 14:28 . 
2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-10-02 14:28 . 2012-10-02 14:31 -------- d-----w- c:\programdata\Avira 2012-10-02 14:28 . 2012-10-02 14:28 -------- d-----w- c:\program files\Avira 2012-10-02 13:21 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F96F89EB-1305-42A7-BCAB-885C5617FDD0}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 20:14 . 2011-01-10 17:00 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-13 17:03 . 2012-07-13 17:03 4024320 ----a-w- c:\program files\GUTDE5.tmp 2012-10-15 20:05 . 2012-10-15 20:05 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2012-07-13 17418928] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "Skytel"="Skytel.exe" [2007-06-15 1826816] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-14 161336] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-27 535336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . Inhalt des "geplante Tasks" Ordners . 2012-10-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-24 18:54] . 2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 21:08] . 2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 21:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 217.14.229.250 217.14.229.251 FF - ProfilePath - c:\users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - ExtSQL: !HIDDEN! 2009-08-08 07:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll HKCU-Run-Acer Tour Reminder - (no file) HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-eRecoveryService - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-18 01:01 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Zeit der Fertigstellung: 2012-10-18 01:06:17 ComboFix-quarantined-files.txt 2012-10-17 23:06 . Vor Suchlauf: 14 Verzeichnis(se), 13.731.553.280 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 13.952.036.864 Bytes frei . - - End Of File - - 16AB284E94EAAF5B584B2FF41F1C1702 |
18.10.2012, 10:01 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojans and viruses found by Avira scan and quarantined Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
18.10.2012, 11:53 | #28 |
| Trojans and viruses found by Avira scan and quarantined GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-18 12:50:08
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: 1s9d5sq7.exe; Driver: C:\Users\Resi\AppData\Local\Temp\kgldrpod.sys

---- System - GMER 1.0.15 ----

SSDT 88C8CB56 ZwCreateSection
SSDT 88C8CB60 ZwRequestWaitReplyPort
SSDT 88C8CB5B ZwSetContextThread
SSDT 88C8CB65 ZwSetSecurityObject
SSDT 88C8CB6A ZwSystemDebugControl
SSDT 88C8CAF7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 405 81CA09CC 4 Bytes [56, CB, C8, 88]
.text ntoskrnl.exe!KeInsertQueue + 729 81CA0CF0 4 Bytes [60, CB, C8, 88]
.text ntoskrnl.exe!KeInsertQueue + 75D 81CA0D24 4 Bytes [5B, CB, C8, 88]
.text ntoskrnl.exe!KeInsertQueue + 7C1 81CA0D88 4 Bytes [65, CB, C8, 88]
.text ntoskrnl.exe!KeInsertQueue + 809 81CA0DD0 4 Bytes [6A, CB, C8, 88]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [75058864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [75099855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7505B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7504FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [75057A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7504EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7508B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7505BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [75050756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [750506BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [750471B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [750DD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [75077329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7504E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7504697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [750469A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [75052475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:05:11 on 18.10.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "acer" - C:\Windows\System32\eNetHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Resi\AppData\Local\Temp\catchme.sys (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kgldrpod" (kgldrpod) - ? - C:\Users\Resi\AppData\Local\Temp\kgldrpod.sys (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} "Java Plug-in 1.4.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
<binary data> "{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Resi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"Google Updater" - "Google" - "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"Avira Browser-Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit-Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe (File found, but it contains no detailed information)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Last edited by anita_kitz (18.10.2012 at 12:06)
18.10.2012, 12:35 | #29
/// Winkelfunktion /// TB-Süch-Tiger™ | What about aswMBR?
18.10.2012, 12:40 | #30
It's still scanning... I don't know whether it has hung or is still scanning... it shows AVAST engine scan C:\Users\Resi... I have to go out now though... I'll let it run and carry on when I get back at around 5 o'clock... here is the log file from aswMBR
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-18 13:08:04
-----------------------------
13:08:04.146 OS Version: Windows 6.0.6001 Service Pack 1
13:08:04.146 Number of processors: 1 586 0x1601
13:08:04.146 ComputerName: RESI-PC UserName: Resi
13:08:18.467 Initialize success
13:18:08.078 AVAST engine defs: 12101801
13:18:19.809 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:18:19.809 Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3
13:18:20.714 Disk 0 MBR read successfully
13:18:20.714 Disk 0 MBR scan
13:18:21.198 Disk 0 unknown MBR code
13:18:21.338 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
13:18:21.447 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 52371 MB offset 20467712
13:18:21.588 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52107 MB offset 127723520
13:18:22.071 Disk 0 scanning sectors +234438656
13:18:24.208 Disk 0 scanning C:\Windows\system32\drivers
13:20:14.064 Service scanning
13:21:04.982 Modules scanning
13:21:32.532 Disk 0 trace - called modules:
13:21:32.594 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll dxgkrnl.sys igdkmd32.sys
13:21:32.610 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x841017c0]
13:21:32.641 3 CLASSPNP.SYS[865bf745] -> nt!IofCallDriver -> [0x84007b98]
13:21:35.667 AVAST engine scan C:\Windows
13:21:52.141 AVAST engine scan C:\Windows\system32
13:32:09.199 AVAST engine scan C:\Windows\system32\drivers
13:32:46.998 AVAST engine scan C:\Users\Resi
14:01:34.666 AVAST engine scan C:\ProgramData
14:04:32.163 Scan finished successfully
16:59:12.620 Disk 0 MBR has been saved successfully to "C:\Users\Resi\Desktop\MBR.dat"
16:59:12.791 The log file has been saved successfully to "C:\Users\Resi\Desktop\aswMBR.txt"