Kann nicht auf Desktop zugreifen!

Chris2 · 22.01.2013, 18:36

Hallo,
vielleicht kann mir ja einer bei meinem Problem helfen wäre echt super.

Vor einigen Tage hab ich im Internet gesurft, plötzlich fährt der Pc runter. Ich hab ihn neu gestartet und mich angemeldet. Dann sehe ich kurz alle Desktop Symbole, sie verschwinden wieder und kurz darauf ist der Bildschirm weiß. Auf den Taskmanager kann ich zugreifen mehr leider nicht. Wenn ich den Pc dann wieder runterfahre sehe ich kurz wieder alle Desktopn Symbole. Habe schon versucht im abgesicherten Modus zu starten aber geht nicht, Pc wird von alleine neu gestartet.

Habe keine Ahnung was das Problem ist und was ich tun soll.

Danke vorab für die Hilfe

Mfg Chris

markusg · 22.01.2013, 18:38

hi,
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Chris2 · 22.01.2013, 18:44

Danke für deine schnelle hilfe. werde mich morgen darum kümmern. Komme heute leider nicht mehr an einen anderen Pc

markusg · 22.01.2013, 18:45

lasse solche zwischenposts weg, und mach einfach wenn du Zeit hast

Chris2 · 23.01.2013, 20:45

hallo
habe alles gemacht wie du es beschrieben hattest, doch beim Scanforgang kam dann die Meldung Out of Memory. Hab es mehrmals probiert aber es kam immer diese Meldung.
Vielleicht kannst du mir weiterhelfen.
Danke

markusg · 24.01.2013, 12:40

hi
versuchs mal ohne das Script von oben

Chris2 · 24.01.2013, 17:58

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/24/2013 5:45:02 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.50 Gb Total Space | 42.85 Gb Free Space | 35.86% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 297.76 Gb Free Space | 49.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/08 13:28:04 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008/05/01 20:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/04/25 06:30:26 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 04:39:29 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/13 04:09:23 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 07:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/07 10:04:46 | 000,676,936 | ---- | M] () [Auto] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 10:04:46 | 000,399,432 | ---- | M] () [Auto] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/22 08:46:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/06/11 09:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 09:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/08 13:33:34 | 002,028,864 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 13:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/09/19 09:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011/03/29 12:04:15 | 000,075,136 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 11:07:48 | 000,246,520 | ---- | M] () [Disabled] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] () [Auto] -- D:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/15 02:54:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service)
SRV - [2008/01/25 11:49:04 | 000,269,448 | ---- | M] (CyberLink) [Disabled] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/07 10:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/21 13:20:24 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/28 17:28:38 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\N360x64\0604000.009\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/03/28 17:28:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/28 17:06:26 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/15 04:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/15 06:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/06/25 10:31:23 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/25 10:31:23 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/07 09:41:46 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/02/28 21:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/28 21:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/12/14 03:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64l.sys -- (SkLaggProtocol)
DRV:64bit: - [2007/12/06 03:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/11/25 22:16:32 | 000,086,016 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007/11/23 03:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64v.sys -- (SkVlanProtocol)
DRV:64bit: - [2007/08/20 05:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/06/19 03:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007/06/19 03:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV:64bit: - [2007/06/19 03:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/19 03:50:54 | 000,121,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV:64bit: - [2007/06/19 03:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV:64bit: - [2007/06/19 03:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007/06/19 03:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV:64bit: - [2006/11/02 02:48:50 | 000,326,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ati2mpad.sys -- (ati2mpad)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2013/01/19 09:35:49 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\ex64.sys -- (NAVEX15)
DRV - [2013/01/19 09:35:49 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\eng64.sys -- (NAVENG)
DRV - [2012/12/14 12:06:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 03:50:46 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/03/16 03:18:35 | 000,241,848 | ---- | M] () [Kernel | On_Demand] -- C:\Users\Chris\AppData\Roaming\TZAC\tizek64.sys -- (tizekdrv)
DRV - [2010/10/07 11:08:48 | 000,022,584 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/08/19 14:08:04 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/06/18 07:54:58 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/25 06:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2007/09/07 08:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007/06/29 02:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Chris\Desktop
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com [binary data]
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Chris_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Chris_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Web Player\npdivx32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/23 10:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/01/22 12:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 04:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/13 04:09:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 04:09:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/13 04:09:18 | 000,000,000 | ---D | M]
 
[2008/11/26 12:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/12/12 11:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions
[2010/12/24 02:11:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/07 10:03:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/05/16 10:25:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\engine@conduit.com
[2011/05/14 01:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\nostmp
[2012/01/14 09:32:42 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\toolbar@ask.com
[2012/11/15 11:30:59 | 000,002,539 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\aol-search.xml
[2013/01/12 09:30:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-1.xml
[2010/04/03 00:02:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-10.xml
[2010/06/27 14:30:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-11.xml
[2010/07/02 04:19:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-12.xml
[2010/07/22 12:37:38 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-13.xml
[2010/07/26 14:28:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-14.xml
[2010/09/12 11:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-15.xml
[2010/09/17 13:18:58 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-16.xml
[2010/10/24 02:33:33 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-17.xml
[2010/10/29 11:32:56 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-18.xml
[2010/12/13 12:40:20 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-19.xml
[2009/07/23 14:13:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-2.xml
[2010/12/24 03:00:04 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-20.xml
[2011/03/21 11:11:06 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-21.xml
[2011/04/21 13:45:22 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-22.xml
[2011/05/14 01:34:46 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-23.xml
[2009/08/04 16:01:49 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-3.xml
[2009/09/11 16:18:56 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-4.xml
[2009/10/30 14:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-5.xml
[2009/12/17 11:12:26 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-6.xml
[2010/01/06 11:39:41 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-7.xml
[2010/01/06 14:21:07 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-8.xml
[2010/03/24 13:03:08 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-9.xml
[2008/07/10 07:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin.xml
[2009/03/02 12:23:26 | 000,001,632 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\live-search.xml
[2012/02/13 13:10:00 | 000,002,448 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\safesearch.xml
[2009/09/04 09:52:21 | 000,001,196 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\winamp-search.xml
[2013/01/13 04:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/13 04:09:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) -- 
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XG1MPTBR.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2013/01/13 04:09:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/11 10:39:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/14 14:11:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/11 10:39:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/11 10:39:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/11 10:39:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/11 10:39:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/09/10 03:05:42 | 000,444,168 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	å…¨è®¯ç½‘,åšå½©ä¼˜æƒ*,çš‡å†*æ*£ç½‘cr67com,çš‡å†*æ¯”åˆ†,çš‡å†*å³æ—¶æŒ‡æ•°,å¤ªé˜³åŸŽä»£ç†112scg,ttå¨±ä¹åŸŽ8bc8,ç½‘ä¸ŠçœŸé’±å¨±
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	²©²ÊÍ¨,²©²ÊÍø,½ð±¦²©188,²©²ÊÍ¨ÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15258 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\Chris_ON_C..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\Chris_ON_C..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - HKU\Chris_ON_C..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\Chris_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Chris_ON_C\..Trusted Domains: fritz.box ([]* in Local intranet)
O15:64bit: - Chris_ON_C\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Chris_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Chris_ON_C Winlogon: Shell - (C:\Users\Chris\AppData\Roaming\skype.dat) - C:\Users\Chris\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O27:64bit: - HKLM IFEO\erecoveryui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\javaw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\javaws.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ntunecmd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nvprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\erecoveryui.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\googleupdater.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\javaw.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\javaws.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\ntunecmd.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\nvprofile.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{46fd72bc-9a8d-11dd-b948-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46fd72bc-9a8d-11dd-b948-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/13 04:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/10 11:45:49 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/10 11:45:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll
[2013/01/10 11:45:35 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/22 12:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/22 12:21:10 | 000,000,004 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\skype.ini
[2013/01/22 12:20:44 | 000,000,138 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/01/22 12:20:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 12:20:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/01/22 12:19:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:19:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:14:34 | 000,670,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/22 12:14:34 | 000,631,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/22 12:14:34 | 000,143,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/22 12:14:34 | 000,118,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/22 11:41:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 03:25:37 | 000,002,032 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/01/12 10:37:30 | 000,093,184 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/12 10:03:45 | 000,246,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/12 08:46:09 | 001,538,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013/01/19 09:57:54 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.ini
[2012/09/10 10:49:38 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2012/09/10 10:14:14 | 000,003,072 | ---- | C] () -- C:\Users\Chris\AppData\Local\file__0.localstorage
[2012/09/10 02:39:30 | 000,000,732 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2012/01/11 11:51:44 | 000,063,488 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.dat
[2011/10/25 10:28:09 | 001,538,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/18 16:49:51 | 000,001,940 | ---- | C] () -- C:\Users\Chris\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/10 07:24:10 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/04/10 07:24:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BXD2140.DAT
[2010/04/10 07:03:57 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2010/04/10 07:03:44 | 000,000,037 | ---- | C] () -- C:\Windows\SysWow64\bd2140.dat
[2010/04/10 04:27:19 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/04/10 04:27:19 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/04/10 04:27:11 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/04/10 04:24:47 | 000,000,138 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/12/29 14:04:16 | 000,000,271 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/29 12:46:21 | 000,022,584 | ---- | C] () -- C:\Windows\SysWow64\drivers\PnkBstrK.sys
[2009/10/29 12:25:53 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/29 12:25:52 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/09/19 11:04:40 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/09/17 10:32:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 10:32:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/17 10:32:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/19 17:29:43 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini
[2008/11/28 09:44:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/11/27 12:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Infob.dat
[2008/11/27 12:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Infoa.dat
[2008/11/27 12:26:53 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\treeinfo.dat
[2008/11/27 12:26:27 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/11/27 12:14:45 | 000,093,184 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/26 13:44:32 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/11/26 12:06:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/26 11:39:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/26 11:13:49 | 000,002,032 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/10/15 03:02:27 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/10/15 03:02:27 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/04/30 12:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/04/30 12:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/04/30 11:48:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010/12/26 03:59:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe Limited
[2012/07/06 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon
[2012/12/18 12:37:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/07/14 13:43:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CPUControl
[2012/02/03 01:47:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2012/01/15 11:22:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/10/25 10:04:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2012/10/03 10:06:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2012/07/05 12:58:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2008/12/24 11:06:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2013/01/03 02:55:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HLSW
[2012/04/13 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ
[2008/11/28 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ Toolbar
[2009/10/02 13:49:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Inkscape
[2012/10/27 04:52:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mumble
[2009/01/25 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012/12/18 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PhotoScape
[2011/04/01 11:58:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SLAnticheat
[2009/01/31 12:03:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2008/12/13 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Teleca
[2011/03/05 09:15:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
[2010/01/25 13:54:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2010/12/06 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2012/03/16 03:27:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TZAC
[2009/06/25 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/01/25 13:59:11 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/12/26 03:59:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/04/30 12:02:29 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/10/25 06:26:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Futuremark
[2010/01/27 15:28:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/01/25 11:38:58 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/12/24 03:35:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/06/25 10:42:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/12/10 16:59:34 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/11/03 12:28:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/12/18 15:33:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2009/05/28 15:39:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/06/14 11:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/11/30 11:34:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/22 12:21:20 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

markusg · 24.01.2013, 21:28

hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKU\Chris_ON_C Winlogon: Shell - (C:\Users\Chris\AppData\Roaming\skype.dat) - C:\Users\Chris\AppData\Roaming\skype.dat ()
[2013/01/22 12:21:10 | 000,000,004 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\skype.ini
:Files
C:\Users\Chris\AppData\Roaming\skype.dat
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

Chris2 · 25.01.2013, 16:30

alles klappt soweit, bis ich ein zweites mal den fix button drücken will programm hängt sich auf es reagiert nicht mehr. cpu läuft auf volllast

markusg · 25.01.2013, 16:38

dann tippe den fix per hand ein

Chris2 · 25.01.2013, 16:43

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\Chris_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Chris\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Chris\AppData\Roaming\skype.dat moved successfully.
C:\Users\Chris\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
File\Folder C:\Users\Chris\AppData\Roaming\skype.dat not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Chris

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Chris

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 01252013_164122

markusg · 25.01.2013, 16:46

im normalen Modus internet verbindung herstellen, dann:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Chris2 · 25.01.2013, 17:00

16:55:42.0989 0516 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:55:43.0219 0516 ============================================================
16:55:43.0219 0516 Current date / time: 2013/01/25 16:55:43.0219
16:55:43.0219 0516 SystemInfo:
16:55:43.0219 0516
16:55:43.0219 0516 OS Version: 6.0.6002 ServicePack: 2.0
16:55:43.0219 0516 Product type: Workstation
16:55:43.0219 0516 ComputerName: CHRIS-PC
16:55:43.0219 0516 UserName: Chris
16:55:43.0219 0516 Windows directory: C:\Windows
16:55:43.0219 0516 System windows directory: C:\Windows
16:55:43.0219 0516 Running under WOW64
16:55:43.0219 0516 Processor architecture: Intel x64
16:55:43.0219 0516 Number of processors: 4
16:55:43.0219 0516 Page size: 0x1000
16:55:43.0219 0516 Boot type: Normal boot
16:55:43.0219 0516 ============================================================
16:55:43.0655 0516 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x60F1A, SectorsPerTrack: 0x3, TracksPerCylinder: 0xF6, Type 'K0', Flags 0x00000040
16:55:43.0660 0516 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:43.0665 0516 Drive \Device\Harddisk2\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:43.0686 0516 Drive \Device\Harddisk7\DR7 - Size: 0x3ECFFC00 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:55:43.0689 0516 ============================================================
16:55:43.0689 0516 \Device\Harddisk0\DR0:
16:55:43.0689 0516 MBR partitions:
16:55:43.0689 0516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0xEEFD800
16:55:43.0689 0516 \Device\Harddisk1\DR1:
16:55:43.0689 0516 MBR partitions:
16:55:43.0689 0516 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
16:55:43.0689 0516 \Device\Harddisk2\DR2:
16:55:43.0689 0516 MBR partitions:
16:55:43.0690 0516 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
16:55:43.0690 0516 \Device\Harddisk7\DR7:
16:55:43.0690 0516 MBR partitions:
16:55:43.0690 0516 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F67BE
16:55:43.0690 0516 ============================================================
16:55:43.0710 0516 C: <-> \Device\Harddisk0\DR0\Partition1
16:55:43.0737 0516 D: <-> \Device\Harddisk1\DR1\Partition1
16:55:43.0762 0516 E: <-> \Device\Harddisk2\DR2\Partition1
16:55:43.0762 0516 ============================================================
16:55:43.0762 0516 Initialize success
16:55:43.0762 0516 ============================================================
16:55:59.0422 2180 ============================================================
16:55:59.0422 2180 Scan started
16:55:59.0422 2180 Mode: Manual; SigCheck; TDLFS;
16:55:59.0422 2180 ============================================================
16:55:59.0853 2180 ================ Scan system memory ========================
16:55:59.0853 2180 System memory - ok
16:55:59.0853 2180 ================ Scan services =============================
16:55:59.0934 2180 [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
16:56:00.0013 2180 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning
16:56:00.0013 2180 Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1)
16:56:00.0174 2180 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:56:00.0196 2180 ACPI - ok
16:56:00.0218 2180 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:56:00.0267 2180 adp94xx - ok
16:56:00.0291 2180 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:56:00.0311 2180 adpahci - ok
16:56:00.0330 2180 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:56:00.0344 2180 adpu160m - ok
16:56:00.0358 2180 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:56:00.0373 2180 adpu320 - ok
16:56:00.0383 2180 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:56:00.0459 2180 AeLookupSvc - ok
16:56:00.0477 2180 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
16:56:00.0510 2180 AFD - ok
16:56:00.0526 2180 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:56:00.0544 2180 agp440 - ok
16:56:00.0569 2180 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:56:00.0581 2180 aic78xx - ok
16:56:00.0594 2180 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
16:56:00.0686 2180 ALG - ok
16:56:00.0706 2180 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
16:56:00.0727 2180 aliide - ok
16:56:00.0740 2180 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
16:56:00.0751 2180 amdide - ok
16:56:00.0760 2180 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:56:00.0794 2180 AmdK8 - ok
16:56:00.0809 2180 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
16:56:00.0837 2180 Appinfo - ok
16:56:00.0902 2180 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:56:00.0913 2180 Apple Mobile Device - ok
16:56:00.0938 2180 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
16:56:00.0952 2180 arc - ok
16:56:00.0962 2180 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:56:00.0974 2180 arcsas - ok
16:56:01.0032 2180 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:56:01.0043 2180 aspnet_state - ok
16:56:01.0057 2180 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:01.0088 2180 AsyncMac - ok
16:56:01.0100 2180 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
16:56:01.0112 2180 atapi - ok
16:56:01.0132 2180 [ A9FA2A0FBA4295FB5A70FDF15F83339C ] ati2mpad C:\Windows\system32\DRIVERS\ati2mpad.sys
16:56:01.0241 2180 ati2mpad - ok
16:56:01.0269 2180 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
16:56:01.0425 2180 atksgt - ok
16:56:01.0451 2180 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:01.0479 2180 AudioEndpointBuilder - ok
16:56:01.0485 2180 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:56:01.0510 2180 AudioSrv - ok
16:56:01.0549 2180 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:56:01.0562 2180 BBSvc - ok
16:56:01.0583 2180 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:56:01.0597 2180 BBUpdate - ok
16:56:01.0621 2180 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
16:56:01.0648 2180 BFE - ok
16:56:01.0758 2180 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
16:56:01.0802 2180 BHDrvx64 - ok
16:56:01.0838 2180 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
16:56:01.0895 2180 BITS - ok
16:56:01.0923 2180 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:56:01.0956 2180 blbdrive - ok
16:56:02.0000 2180 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:56:02.0018 2180 Bonjour Service - ok
16:56:02.0046 2180 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:56:02.0067 2180 bowser - ok
16:56:02.0074 2180 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:56:02.0102 2180 BrFiltLo - ok
16:56:02.0109 2180 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:56:02.0132 2180 BrFiltUp - ok
16:56:02.0145 2180 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
16:56:02.0181 2180 Browser - ok
16:56:02.0201 2180 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
16:56:02.0248 2180 Brserid - ok
16:56:02.0268 2180 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:56:02.0310 2180 BrSerWdm - ok
16:56:02.0323 2180 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:56:02.0372 2180 BrUsbMdm - ok
16:56:02.0392 2180 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:56:02.0438 2180 BrUsbSer - ok
16:56:02.0451 2180 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:56:02.0502 2180 BTHMODEM - ok
16:56:02.0548 2180 [ 610AB863245F18E21D90F15DA4ED1953 ] BUNAgentSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
16:56:02.0557 2180 BUNAgentSvc - ok
16:56:02.0615 2180 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
16:56:02.0629 2180 ccSet_N360 - ok
16:56:02.0659 2180 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:56:02.0688 2180 cdfs - ok
16:56:02.0711 2180 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:56:02.0735 2180 cdrom - ok
16:56:02.0762 2180 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
16:56:02.0785 2180 CertPropSvc - ok
16:56:02.0793 2180 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
16:56:02.0822 2180 circlass - ok
16:56:02.0839 2180 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
16:56:02.0858 2180 CLFS - ok
16:56:02.0885 2180 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:56:02.0897 2180 clr_optimization_v2.0.50727_32 - ok
16:56:02.0926 2180 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:56:02.0938 2180 clr_optimization_v2.0.50727_64 - ok
16:56:02.0979 2180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:56:02.0991 2180 clr_optimization_v4.0.30319_32 - ok
16:56:03.0006 2180 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:56:03.0019 2180 clr_optimization_v4.0.30319_64 - ok
16:56:03.0035 2180 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:56:03.0048 2180 cmdide - ok
16:56:03.0065 2180 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:56:03.0076 2180 Compbatt - ok
16:56:03.0080 2180 COMSysApp - ok
16:56:03.0086 2180 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:56:03.0098 2180 crcdisk - ok
16:56:03.0112 2180 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:56:03.0135 2180 CryptSvc - ok
16:56:03.0172 2180 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:56:03.0213 2180 DcomLaunch - ok
16:56:03.0230 2180 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:56:03.0264 2180 DfsC - ok
16:56:03.0320 2180 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
16:56:03.0459 2180 DFSR - ok
16:56:03.0489 2180 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:56:03.0518 2180 Dhcp - ok
16:56:03.0534 2180 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
16:56:03.0548 2180 disk - ok
16:56:03.0575 2180 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:56:03.0602 2180 Dnscache - ok
16:56:03.0627 2180 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
16:56:03.0653 2180 dot3svc - ok
16:56:03.0671 2180 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
16:56:03.0706 2180 DPS - ok
16:56:03.0729 2180 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:56:03.0751 2180 drmkaud - ok
16:56:03.0792 2180 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:56:03.0868 2180 DXGKrnl - ok
16:56:03.0897 2180 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
16:56:03.0932 2180 E1G60 - ok
16:56:03.0946 2180 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
16:56:03.0967 2180 EapHost - ok
16:56:03.0984 2180 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
16:56:03.0998 2180 Ecache - ok
16:56:04.0030 2180 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:56:04.0045 2180 eeCtrl - ok
16:56:04.0085 2180 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:56:04.0122 2180 ehRecvr - ok
16:56:04.0140 2180 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
16:56:04.0159 2180 ehSched - ok
16:56:04.0169 2180 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
16:56:04.0191 2180 ehstart - ok
16:56:04.0215 2180 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:56:04.0234 2180 elxstor - ok
16:56:04.0257 2180 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:56:04.0301 2180 EMDMgmt - ok
16:56:04.0319 2180 [ 12C061D9F9621BE916D58191872EC281 ] ENTECH64 C:\Windows\system32\DRIVERS\ENTECH64.sys
16:56:04.0329 2180 ENTECH64 - ok
16:56:04.0344 2180 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:56:04.0354 2180 EraserUtilRebootDrv - ok
16:56:04.0364 2180 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:56:04.0397 2180 ErrDev - ok
16:56:04.0431 2180 [ 20D3741680AB88269BADCDB161B36705 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
16:56:04.0443 2180 ETService ( UnsignedFile.Multi.Generic ) - warning
16:56:04.0443 2180 ETService - detected UnsignedFile.Multi.Generic (1)
16:56:04.0463 2180 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
16:56:04.0511 2180 EventSystem - ok
16:56:04.0536 2180 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
16:56:04.0578 2180 exfat - ok
16:56:04.0599 2180 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:56:04.0629 2180 fastfat - ok
16:56:04.0640 2180 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:56:04.0668 2180 fdc - ok
16:56:04.0687 2180 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
16:56:04.0721 2180 fdPHost - ok
16:56:04.0738 2180 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
16:56:04.0784 2180 FDResPub - ok
16:56:04.0799 2180 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:56:04.0816 2180 FileInfo - ok
16:56:04.0838 2180 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:56:04.0874 2180 Filetrace - ok
16:56:04.0883 2180 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:56:04.0916 2180 flpydisk - ok
16:56:04.0929 2180 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:56:04.0944 2180 FltMgr - ok
16:56:04.0981 2180 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
16:56:05.0071 2180 FontCache - ok
16:56:05.0106 2180 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:56:05.0116 2180 FontCache3.0.0.0 - ok
16:56:05.0131 2180 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:56:05.0159 2180 Fs_Rec - ok
16:56:05.0187 2180 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:56:05.0200 2180 gagp30kx - ok
16:56:05.0221 2180 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:56:05.0230 2180 GEARAspiWDM - ok
16:56:05.0259 2180 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
16:56:05.0308 2180 gpsvc - ok
16:56:05.0345 2180 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9cf56ff9bde1c C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:56:05.0355 2180 gupdate1c9cf56ff9bde1c - ok
16:56:05.0359 2180 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:56:05.0369 2180 gupdatem - ok
16:56:05.0381 2180 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:56:05.0392 2180 gusvc - ok
16:56:05.0407 2180 [ F8F0851D336C3B88DBD7232B6348E09A ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:56:05.0417 2180 hamachi - ok
16:56:05.0447 2180 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:56:05.0500 2180 HdAudAddService - ok
16:56:05.0537 2180 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:56:05.0613 2180 HDAudBus - ok
16:56:05.0629 2180 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:56:05.0670 2180 HidBth - ok
16:56:05.0689 2180 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:56:05.0731 2180 HidIr - ok
16:56:05.0750 2180 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
16:56:05.0770 2180 hidserv - ok
16:56:05.0796 2180 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:56:05.0824 2180 HidUsb - ok
16:56:05.0848 2180 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
16:56:05.0879 2180 hkmsvc - ok
16:56:05.0893 2180 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:56:05.0907 2180 HpCISSs - ok
16:56:05.0929 2180 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:56:05.0971 2180 HTTP - ok
16:56:05.0981 2180 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:56:05.0993 2180 i2omp - ok
16:56:06.0001 2180 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:56:06.0022 2180 i8042prt - ok
16:56:06.0037 2180 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:56:06.0053 2180 iaStorV - ok
16:56:06.0083 2180 [ 848EDEBB3C1D6FEC50E09EDA95C21E84 ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
16:56:06.0096 2180 ICQ Service - ok
16:56:06.0136 2180 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:56:06.0174 2180 idsvc - ok
16:56:06.0233 2180 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20130118.001\IDSvia64.sys
16:56:06.0248 2180 IDSVia64 - ok
16:56:06.0271 2180 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:56:06.0282 2180 iirsp - ok
16:56:06.0303 2180 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
16:56:06.0330 2180 IKEEXT - ok
16:56:06.0393 2180 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
16:56:06.0403 2180 int15 - ok
16:56:06.0453 2180 [ F93149CE3E6A866C5F42878BCFF34B6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:56:06.0490 2180 IntcAzAudAddService - ok
16:56:06.0498 2180 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
16:56:06.0509 2180 intelide - ok
16:56:06.0523 2180 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:56:06.0559 2180 intelppm - ok
16:56:06.0582 2180 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:56:06.0615 2180 IPBusEnum - ok
16:56:06.0632 2180 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:56:06.0662 2180 IpFilterDriver - ok
16:56:06.0687 2180 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:56:06.0716 2180 iphlpsvc - ok
16:56:06.0720 2180 IpInIp - ok
16:56:06.0732 2180 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:56:06.0760 2180 IPMIDRV - ok
16:56:06.0777 2180 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:56:06.0810 2180 IPNAT - ok
16:56:06.0843 2180 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:56:06.0880 2180 iPod Service - ok
16:56:06.0898 2180 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:56:06.0942 2180 IRENUM - ok
16:56:06.0954 2180 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:56:06.0967 2180 isapnp - ok
16:56:06.0989 2180 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:56:07.0003 2180 iScsiPrt - ok
16:56:07.0014 2180 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:56:07.0027 2180 iteatapi - ok
16:56:07.0043 2180 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:56:07.0057 2180 iteraid - ok
16:56:07.0071 2180 [ 3AF672AB77E21FCDC2DC0E10B55BEF4F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
16:56:07.0093 2180 JRAID - ok
16:56:07.0107 2180 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:56:07.0119 2180 kbdclass - ok
16:56:07.0138 2180 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:56:07.0167 2180 kbdhid - ok
16:56:07.0183 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
16:56:07.0208 2180 KeyIso - ok
16:56:07.0283 2180 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:56:07.0318 2180 KSecDD - ok
16:56:07.0343 2180 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:56:07.0371 2180 ksthunk - ok
16:56:07.0442 2180 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
16:56:07.0496 2180 KtmRm - ok
16:56:07.0534 2180 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:56:07.0576 2180 LanmanServer - ok
16:56:07.0597 2180 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:56:07.0622 2180 LanmanWorkstation - ok
16:56:07.0680 2180 [ 4D25A79A9F67A7E2D8D5382E75FCB124 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
16:56:07.0692 2180 LBTServ - ok
16:56:07.0738 2180 [ AA3D903C5A7538803F2400A8391F1881 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:56:07.0747 2180 LHidFilt - ok
16:56:07.0847 2180 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:56:07.0861 2180 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:56:07.0861 2180 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:56:07.0875 2180 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
16:56:07.0885 2180 lirsgt - ok
16:56:07.0900 2180 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:56:07.0933 2180 lltdio - ok
16:56:07.0952 2180 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:56:07.0995 2180 lltdsvc - ok
16:56:08.0010 2180 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:56:08.0047 2180 lmhosts - ok
16:56:08.0055 2180 [ 90B4B2B0B5F05ABB9FB365405A7B825B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:56:08.0064 2180 LMouFilt - ok
16:56:08.0081 2180 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:56:08.0094 2180 LSI_FC - ok
16:56:08.0109 2180 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:56:08.0122 2180 LSI_SAS - ok
16:56:08.0136 2180 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:56:08.0149 2180 LSI_SCSI - ok
16:56:08.0158 2180 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
16:56:08.0187 2180 luafv - ok
16:56:08.0201 2180 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:56:08.0214 2180 MBAMProtector - ok
16:56:08.0267 2180 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:56:08.0310 2180 MBAMScheduler - ok
16:56:08.0339 2180 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService D:\Malwarebytes' Anti-Malware\mbamservice.exe
16:56:08.0370 2180 MBAMService - ok
16:56:08.0401 2180 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:56:08.0421 2180 Mcx2Svc - ok
16:56:08.0432 2180 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
16:56:08.0444 2180 megasas - ok
16:56:08.0461 2180 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:56:08.0490 2180 MegaSR - ok
16:56:08.0508 2180 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
16:56:08.0543 2180 MMCSS - ok
16:56:08.0557 2180 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
16:56:08.0585 2180 Modem - ok
16:56:08.0605 2180 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:56:08.0633 2180 monitor - ok
16:56:08.0669 2180 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:56:08.0680 2180 mouclass - ok
16:56:08.0692 2180 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:56:08.0721 2180 mouhid - ok
16:56:08.0746 2180 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:56:08.0758 2180 MountMgr - ok
16:56:08.0803 2180 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:56:08.0816 2180 MozillaMaintenance - ok
16:56:08.0828 2180 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
16:56:08.0858 2180 mpio - ok
16:56:08.0879 2180 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:56:08.0904 2180 mpsdrv - ok
16:56:08.0930 2180 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
16:56:08.0960 2180 MpsSvc - ok
16:56:08.0970 2180 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:56:08.0982 2180 Mraid35x - ok
16:56:08.0999 2180 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:56:09.0022 2180 MRxDAV - ok
16:56:09.0033 2180 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:56:09.0056 2180 mrxsmb - ok
16:56:09.0070 2180 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:56:09.0092 2180 mrxsmb10 - ok
16:56:09.0097 2180 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:56:09.0110 2180 mrxsmb20 - ok
16:56:09.0120 2180 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
16:56:09.0132 2180 msahci - ok
16:56:09.0140 2180 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:56:09.0153 2180 msdsm - ok
16:56:09.0163 2180 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
16:56:09.0196 2180 MSDTC - ok
16:56:09.0215 2180 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:56:09.0243 2180 Msfs - ok
16:56:09.0255 2180 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:56:09.0266 2180 msisadrv - ok
16:56:09.0297 2180 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:56:09.0336 2180 MSiSCSI - ok
16:56:09.0340 2180 msiserver - ok
16:56:09.0351 2180 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:56:09.0378 2180 MSKSSRV - ok
16:56:09.0399 2180 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:56:09.0426 2180 MSPCLOCK - ok
16:56:09.0437 2180 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:56:09.0468 2180 MSPQM - ok
16:56:09.0490 2180 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:56:09.0506 2180 MsRPC - ok
16:56:09.0523 2180 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:56:09.0534 2180 mssmbios - ok
16:56:09.0556 2180 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:56:09.0583 2180 MSTEE - ok
16:56:09.0591 2180 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
16:56:09.0603 2180 Mup - ok
16:56:09.0638 2180 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
16:56:09.0649 2180 N360 - ok
16:56:09.0672 2180 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
16:56:09.0700 2180 napagent - ok
16:56:09.0716 2180 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:56:09.0737 2180 NativeWifiP - ok
16:56:09.0786 2180 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\ENG64.SYS
16:56:09.0797 2180 NAVENG - ok
16:56:09.0898 2180 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\EX64.SYS
16:56:09.0946 2180 NAVEX15 - ok
16:56:09.0980 2180 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:56:10.0018 2180 NDIS - ok
16:56:10.0035 2180 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:56:10.0056 2180 NdisTapi - ok
16:56:10.0083 2180 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:56:10.0110 2180 Ndisuio - ok
16:56:10.0136 2180 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:56:10.0158 2180 NdisWan - ok
16:56:10.0179 2180 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:56:10.0208 2180 NDProxy - ok
16:56:10.0226 2180 Nero BackItUp Scheduler 4.0 - ok
16:56:10.0234 2180 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:56:10.0262 2180 NetBIOS - ok
16:56:10.0278 2180 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:56:10.0308 2180 netbt - ok
16:56:10.0321 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
16:56:10.0334 2180 Netlogon - ok
16:56:10.0365 2180 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
16:56:10.0406 2180 Netman - ok
16:56:10.0443 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0456 2180 NetMsmqActivator - ok
16:56:10.0460 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0470 2180 NetPipeActivator - ok
16:56:10.0486 2180 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
16:56:10.0519 2180 netprofm - ok
16:56:10.0525 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0536 2180 NetTcpActivator - ok
16:56:10.0540 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0551 2180 NetTcpPortSharing - ok
16:56:10.0561 2180 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:56:10.0572 2180 nfrd960 - ok
16:56:10.0576 2180 NIS - ok
16:56:10.0586 2180 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
16:56:10.0616 2180 NlaSvc - ok
16:56:10.0622 2180 NPF - ok
16:56:10.0635 2180 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:56:10.0655 2180 Npfs - ok
16:56:10.0662 2180 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
16:56:10.0690 2180 nsi - ok
16:56:10.0704 2180 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:56:10.0734 2180 nsiproxy - ok
16:56:10.0774 2180 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:56:10.0827 2180 Ntfs - ok
16:56:10.0863 2180 [ A8B8EDB4CDB2927CDC127E5BFE85CA7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
16:56:10.0873 2180 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
16:56:10.0873 2180 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
16:56:10.0881 2180 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys
16:56:10.0891 2180 NTIDrvr - ok
16:56:10.0924 2180 [ 50B1521BC145CE9634A5ACD1C10D84F7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
16:56:10.0932 2180 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
16:56:10.0932 2180 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
16:56:11.0001 2180 nTuneService - ok
16:56:11.0015 2180 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
16:56:11.0047 2180 Null - ok
16:56:11.0309 2180 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:56:11.0588 2180 nvlddmkm - ok
16:56:11.0612 2180 [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64 C:\Windows\system32\DRIVERS\nvoclk64.sys
16:56:11.0624 2180 nvoclk64 - ok
16:56:11.0648 2180 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:56:11.0668 2180 nvraid - ok
16:56:11.0683 2180 [ 90731D8A25964715B850A5B8C3DBFD22 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys
16:56:11.0694 2180 nvrd64 - ok
16:56:11.0707 2180 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:56:11.0719 2180 nvstor - ok
16:56:11.0737 2180 [ 39D974FD0937DB87B10E78AE90951FB1 ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys
16:56:11.0747 2180 nvstor64 - ok
16:56:11.0775 2180 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
16:56:11.0804 2180 nvsvc - ok
16:56:11.0834 2180 [ 55F03866A969A50CD1574B0F61ACEC1D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:56:11.0864 2180 nvUpdatusService - ok
16:56:11.0877 2180 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:56:11.0891 2180 nv_agp - ok
16:56:11.0895 2180 NwlnkFlt - ok
16:56:11.0898 2180 NwlnkFwd - ok
16:56:11.0919 2180 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:56:11.0946 2180 ohci1394 - ok
16:56:11.0971 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:56:12.0027 2180 p2pimsvc - ok
16:56:12.0053 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
16:56:12.0093 2180 p2psvc - ok
16:56:12.0119 2180 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:56:12.0153 2180 Parport - ok
16:56:12.0171 2180 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:56:12.0184 2180 partmgr - ok
16:56:12.0213 2180 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
16:56:12.0244 2180 PcaSvc - ok
16:56:12.0257 2180 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
16:56:12.0272 2180 pci - ok
16:56:12.0280 2180 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
16:56:12.0291 2180 pciide - ok
16:56:12.0317 2180 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:56:12.0331 2180 pcmcia - ok
16:56:12.0352 2180 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:56:12.0420 2180 PEAUTH - ok
16:56:12.0474 2180 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:56:12.0506 2180 PerfHost - ok
16:56:12.0570 2180 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
16:56:12.0650 2180 pla - ok
16:56:12.0673 2180 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:56:12.0698 2180 PlugPlay - ok
16:56:12.0701 2180 PnkBstrA - ok
16:56:12.0704 2180 PnkBstrK - ok
16:56:12.0733 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:56:12.0754 2180 PNRPAutoReg - ok
16:56:12.0775 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:56:12.0804 2180 PNRPsvc - ok
16:56:12.0887 2180 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:56:12.0918 2180 PolicyAgent - ok
16:56:12.0935 2180 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:56:12.0961 2180 PptpMiniport - ok
16:56:12.0980 2180 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
16:56:13.0012 2180 Processor - ok
16:56:13.0031 2180 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
16:56:13.0061 2180 ProfSvc - ok
16:56:13.0070 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
16:56:13.0081 2180 ProtectedStorage - ok
16:56:13.0100 2180 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:56:13.0121 2180 PSched - ok
16:56:13.0149 2180 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:56:13.0205 2180 ql2300 - ok
16:56:13.0224 2180 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:56:13.0236 2180 ql40xx - ok
16:56:13.0260 2180 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
16:56:13.0281 2180 QWAVE - ok
16:56:13.0291 2180 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:56:13.0304 2180 QWAVEdrv - ok
16:56:13.0312 2180 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:56:13.0344 2180 RasAcd - ok
16:56:13.0357 2180 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
16:56:13.0390 2180 RasAuto - ok
16:56:13.0400 2180 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:56:13.0422 2180 Rasl2tp - ok
16:56:13.0453 2180 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
16:56:13.0477 2180 RasMan - ok
16:56:13.0487 2180 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:56:13.0515 2180 RasPppoe - ok
16:56:13.0535 2180 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:56:13.0548 2180 RasSstp - ok
16:56:13.0600 2180 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:56:13.0632 2180 rdbss - ok
16:56:13.0651 2180 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:56:13.0678 2180 RDPCDD - ok
16:56:13.0710 2180 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:56:13.0748 2180 rdpdr - ok
16:56:13.0764 2180 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:56:13.0791 2180 RDPENCDD - ok
16:56:13.0816 2180 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:56:13.0850 2180 RDPWD - ok
16:56:13.0871 2180 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:56:13.0899 2180 RemoteAccess - ok
16:56:13.0925 2180 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:56:13.0957 2180 RemoteRegistry - ok
16:56:13.0986 2180 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
16:56:13.0991 2180 RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:56:13.0992 2180 RichVideo - detected UnsignedFile.Multi.Generic (1)
16:56:14.0015 2180 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
16:56:14.0034 2180 RpcLocator - ok
16:56:14.0063 2180 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
16:56:14.0093 2180 RpcSs - ok
16:56:14.0105 2180 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:56:14.0141 2180 rspndr - ok
16:56:14.0163 2180 [ 81F778D9F3F71F48F498CA1F773D1539 ] s816bus C:\Windows\system32\DRIVERS\s816bus.sys
16:56:14.0174 2180 s816bus - ok
16:56:14.0192 2180 [ 3F4E14192B72A148DD508329E04AFFD4 ] s816mdfl C:\Windows\system32\DRIVERS\s816mdfl.sys
16:56:14.0201 2180 s816mdfl - ok
16:56:14.0216 2180 [ 17A29B53DFD7E9CD8043B7ADADB83F22 ] s816mdm C:\Windows\system32\DRIVERS\s816mdm.sys
16:56:14.0228 2180 s816mdm - ok
16:56:14.0252 2180 [ F9BA1C5DF3854D36EA1F7086FEB97643 ] s816mgmt C:\Windows\system32\DRIVERS\s816mgmt.sys
16:56:14.0262 2180 s816mgmt - ok
16:56:14.0280 2180 [ 0323C1ACCD67844304D69E6BFD93E52D ] s816nd5 C:\Windows\system32\DRIVERS\s816nd5.sys
16:56:14.0299 2180 s816nd5 - ok
16:56:14.0313 2180 [ F8E19BFB8A67407CD54C5FD63F7B3C17 ] s816obex C:\Windows\system32\DRIVERS\s816obex.sys
16:56:14.0324 2180 s816obex - ok
16:56:14.0338 2180 [ B8A998B3A7D6DA10221D479E4DDE5EF7 ] s816unic C:\Windows\system32\DRIVERS\s816unic.sys
16:56:14.0348 2180 s816unic - ok
16:56:14.0360 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
16:56:14.0372 2180 SamSs - ok
16:56:14.0395 2180 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:56:14.0406 2180 sbp2port - ok
16:56:14.0470 2180 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService D:\Spybot - Search & Destroy\SDWinSec.exe
16:56:14.0530 2180 SBSDWSCService - ok
16:56:14.0562 2180 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:56:14.0589 2180 SCardSvr - ok
16:56:14.0640 2180 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
16:56:14.0682 2180 Schedule - ok
16:56:14.0715 2180 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:56:14.0735 2180 SCPolicySvc - ok
16:56:14.0753 2180 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:56:14.0791 2180 SDRSVC - ok
16:56:14.0799 2180 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:56:14.0839 2180 secdrv - ok
16:56:14.0847 2180 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
16:56:14.0875 2180 seclogon - ok
16:56:14.0885 2180 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
16:56:14.0914 2180 SENS - ok
16:56:14.0930 2180 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:56:14.0961 2180 Serenum - ok
16:56:14.0974 2180 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:56:15.0005 2180 Serial - ok
16:56:15.0014 2180 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:56:15.0050 2180 sermouse - ok
16:56:15.0077 2180 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
16:56:15.0114 2180 SessionEnv - ok
16:56:15.0126 2180 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:56:15.0161 2180 sffdisk - ok
16:56:15.0183 2180 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:56:15.0216 2180 sffp_mmc - ok
16:56:15.0228 2180 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:56:15.0257 2180 sffp_sd - ok
16:56:15.0266 2180 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:56:15.0314 2180 sfloppy - ok
16:56:15.0335 2180 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:56:15.0371 2180 SharedAccess - ok
16:56:15.0403 2180 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:56:15.0423 2180 ShellHWDetection - ok
16:56:15.0433 2180 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:56:15.0445 2180 SiSRaid2 - ok
16:56:15.0454 2180 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:56:15.0466 2180 SiSRaid4 - ok
16:56:15.0489 2180 [ 8C84B7756B1B269C4E302CC09EDC8DCE ] SkLaggProtocol C:\Windows\system32\DRIVERS\yk60x64l.sys
16:56:15.0518 2180 SkLaggProtocol - ok
16:56:15.0536 2180 [ 5BC4ED412A202E4E1EF6A5877625D5D6 ] SkVlanProtocol C:\Windows\system32\DRIVERS\yk60x64v.sys
16:56:15.0556 2180 SkVlanProtocol - ok
16:56:15.0621 2180 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
16:56:15.0732 2180 slsvc - ok
16:56:15.0749 2180 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:56:15.0771 2180 SLUINotify - ok
16:56:15.0782 2180 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:56:15.0811 2180 Smb - ok
16:56:15.0829 2180 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:56:15.0847 2180 SNMPTRAP - ok
16:56:15.0880 2180 [ 152F92DAE4E2294667DE38378F2F7A50 ] Sound Blaster MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe
16:56:15.0890 2180 Sound Blaster MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:56:15.0890 2180 Sound Blaster MB Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:56:15.0901 2180 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
16:56:15.0913 2180 spldr - ok
16:56:15.0940 2180 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
16:56:15.0966 2180 Spooler - ok
16:56:16.0011 2180 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
16:56:16.0031 2180 SRTSP - ok
16:56:16.0044 2180 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
16:56:16.0052 2180 SRTSPX - ok
16:56:16.0072 2180 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
16:56:16.0103 2180 srv - ok
16:56:16.0128 2180 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:56:16.0171 2180 srv2 - ok
16:56:16.0182 2180 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:56:16.0200 2180 srvnet - ok
16:56:16.0225 2180 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:56:16.0261 2180 SSDPSRV - ok
16:56:16.0274 2180 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:56:16.0300 2180 SstpSvc - ok
16:56:16.0318 2180 Steam Client Service - ok
16:56:16.0339 2180 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:56:16.0354 2180 Stereo Service - ok
16:56:16.0396 2180 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
16:56:16.0434 2180 stisvc - ok
16:56:16.0453 2180 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:56:16.0463 2180 swenum - ok
16:56:16.0541 2180 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
16:56:16.0571 2180 swprv - ok
16:56:16.0587 2180 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:56:16.0598 2180 Symc8xx - ok
16:56:16.0623 2180 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
16:56:16.0640 2180 SymDS - ok
16:56:16.0678 2180 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
16:56:16.0730 2180 SymEFA - ok
16:56:16.0765 2180 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:56:16.0776 2180 SymEvent - ok
16:56:16.0803 2180 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
16:56:16.0813 2180 SymIRON - ok
16:56:16.0833 2180 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0604000.009\SYMTDIV.SYS
16:56:16.0851 2180 SYMTDIv - ok
16:56:16.0875 2180 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:56:16.0886 2180 Sym_hi - ok
16:56:16.0894 2180 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:56:16.0905 2180 Sym_u3 - ok
16:56:16.0930 2180 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
16:56:16.0998 2180 SysMain - ok
16:56:17.0015 2180 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:56:17.0031 2180 TabletInputService - ok
16:56:17.0049 2180 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:56:17.0077 2180 TapiSrv - ok
16:56:17.0096 2180 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
16:56:17.0124 2180 TBS - ok
16:56:17.0179 2180 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:56:17.0233 2180 Tcpip - ok
16:56:17.0268 2180 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:56:17.0304 2180 Tcpip6 - ok
16:56:17.0325 2180 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:56:17.0341 2180 tcpipreg - ok
16:56:17.0358 2180 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:56:17.0393 2180 TDPIPE - ok
16:56:17.0403 2180 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:56:17.0431 2180 TDTCP - ok
16:56:17.0453 2180 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:56:17.0475 2180 tdx - ok
16:56:17.0484 2180 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:56:17.0496 2180 TermDD - ok
16:56:17.0535 2180 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
16:56:17.0575 2180 TermService - ok
16:56:17.0588 2180 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
16:56:17.0603 2180 Themes - ok
16:56:17.0623 2180 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
16:56:17.0651 2180 THREADORDER - ok
16:56:17.0760 2180 [ A808347708C36D6D90BFF27813FBBAAF ] tizekdrv C:\Users\Chris\AppData\Roaming\TZAC\tizek64.sys
16:56:17.0776 2180 tizekdrv - ok
16:56:17.0797 2180 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
16:56:17.0830 2180 TrkWks - ok
16:56:17.0852 2180 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:56:17.0880 2180 TrustedInstaller - ok
16:56:17.0900 2180 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:56:17.0927 2180 tssecsrv - ok
16:56:17.0980 2180 [ 286809293BC5AE5D6A1A381B53C72D1A ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
16:56:18.0024 2180 TuneUp.UtilitiesSvc - ok
16:56:18.0042 2180 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
16:56:18.0053 2180 TuneUpUtilitiesDrv - ok
16:56:18.0066 2180 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:56:18.0084 2180 tunmp - ok
16:56:18.0098 2180 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:56:18.0110 2180 tunnel - ok
16:56:18.0126 2180 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:56:18.0139 2180 uagp35 - ok
16:56:18.0147 2180 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
16:56:18.0156 2180 UBHelper - ok
16:56:18.0179 2180 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:56:18.0204 2180 udfs - ok
16:56:18.0220 2180 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:56:18.0248 2180 UI0Detect - ok
16:56:18.0258 2180 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:56:18.0270 2180 uliagpkx - ok
16:56:18.0291 2180 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:56:18.0307 2180 uliahci - ok
16:56:18.0320 2180 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:56:18.0335 2180 UlSata - ok
16:56:18.0349 2180 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:56:18.0363 2180 ulsata2 - ok
16:56:18.0375 2180 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:56:18.0402 2180 umbus - ok
16:56:18.0419 2180 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
16:56:18.0473 2180 upnphost - ok
16:56:18.0497 2180 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:56:18.0516 2180 USBAAPL64 - ok
16:56:18.0543 2180 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:18.0569 2180 usbccgp - ok
16:56:18.0586 2180 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:56:18.0643 2180 usbcir - ok
16:56:18.0657 2180 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:56:18.0678 2180 usbehci - ok
16:56:18.0697 2180 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:56:18.0727 2180 usbhub - ok
16:56:18.0737 2180 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:56:18.0776 2180 usbohci - ok
16:56:18.0797 2180 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:56:18.0824 2180 usbprint - ok
16:56:18.0839 2180 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:18.0864 2180 USBSTOR - ok
16:56:18.0877 2180 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:56:18.0904 2180 usbuhci - ok
16:56:18.0917 2180 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
16:56:18.0939 2180 UxSms - ok
16:56:18.0955 2180 [ 594DF74EC1411592585D8FE8165D0816 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
16:56:18.0965 2180 UxTuneUp - ok
16:56:19.0020 2180 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
16:56:19.0053 2180 vds - ok
16:56:19.0069 2180 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:19.0097 2180 vga - ok
16:56:19.0113 2180 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:56:19.0140 2180 VgaSave - ok
16:56:19.0148 2180 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
16:56:19.0170 2180 viaide - ok
16:56:19.0188 2180 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:56:19.0201 2180 volmgr - ok
16:56:19.0230 2180 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:56:19.0249 2180 volmgrx - ok
16:56:19.0276 2180 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:56:19.0293 2180 volsnap - ok
16:56:19.0307 2180 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:56:19.0321 2180 vsmraid - ok
16:56:19.0358 2180 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
16:56:19.0438 2180 VSS - ok
16:56:19.0469 2180 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
16:56:19.0505 2180 W32Time - ok
16:56:19.0526 2180 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:56:19.0603 2180 WacomPen - ok
16:56:19.0618 2180 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:56:19.0639 2180 Wanarp - ok
16:56:19.0642 2180 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:56:19.0663 2180 Wanarpv6 - ok
16:56:19.0685 2180 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:56:19.0709 2180 wcncsvc - ok
16:56:19.0725 2180 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:56:19.0751 2180 WcsPlugInService - ok
16:56:19.0760 2180 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
16:56:19.0771 2180 Wd - ok
16:56:19.0808 2180 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:56:19.0840 2180 Wdf01000 - ok
16:56:19.0857 2180 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:56:19.0886 2180 WdiServiceHost - ok
16:56:19.0896 2180 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:56:19.0924 2180 WdiSystemHost - ok
16:56:19.0936 2180 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
16:56:19.0955 2180 WebClient - ok
16:56:19.0983 2180 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:56:20.0020 2180 Wecsvc - ok
16:56:20.0034 2180 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:56:20.0055 2180 wercplsupport - ok
16:56:20.0066 2180 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
16:56:20.0088 2180 WerSvc - ok
16:56:20.0101 2180 WinDefend - ok
16:56:20.0106 2180 WinHttpAutoProxySvc - ok
16:56:20.0131 2180 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:56:20.0160 2180 Winmgmt - ok
16:56:20.0207 2180 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
16:56:20.0271 2180 WinRM - ok
16:56:20.0316 2180 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:56:20.0351 2180 Wlansvc - ok
16:56:20.0368 2180 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:56:20.0388 2180 WmiAcpi - ok
16:56:20.0405 2180 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:56:20.0436 2180 wmiApSrv - ok
16:56:20.0444 2180 WMPNetworkSvc - ok
16:56:20.0459 2180 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:56:20.0479 2180 WPCSvc - ok
16:56:20.0505 2180 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:56:20.0540 2180 WPDBusEnum - ok
16:56:20.0571 2180 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:56:20.0583 2180 WpdUsb - ok
16:56:20.0670 2180 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:56:20.0715 2180 WPFFontCache_v0400 - ok
16:56:20.0729 2180 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:56:20.0761 2180 ws2ifsl - ok
16:56:20.0774 2180 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
16:56:20.0795 2180 wscsvc - ok
16:56:20.0798 2180 WSearch - ok
16:56:20.0853 2180 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:56:20.0955 2180 wuauserv - ok
16:56:20.0996 2180 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:56:21.0029 2180 WudfPf - ok
16:56:21.0049 2180 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:21.0067 2180 WUDFRd - ok
16:56:21.0085 2180 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:56:21.0098 2180 wudfsvc - ok
16:56:21.0117 2180 [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
16:56:21.0162 2180 yukonx64 - ok
16:56:21.0193 2180 [ 177590B0D2F8BE513626BB8C8D6E6A08 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl
16:56:21.0202 2180 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
16:56:21.0219 2180 ================ Scan global ===============================
16:56:21.0251 2180 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:56:21.0273 2180 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:56:21.0287 2180 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:56:21.0306 2180 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:56:21.0310 2180 [Global] - ok
16:56:21.0311 2180 ================ Scan MBR ==================================
16:56:21.0321 2180 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
16:56:23.0204 2180 \Device\Harddisk0\DR0 - ok
16:56:23.0220 2180 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
16:56:23.0277 2180 \Device\Harddisk1\DR1 - ok
16:56:23.0284 2180 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
16:56:23.0352 2180 \Device\Harddisk2\DR2 - ok
16:56:23.0357 2180 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk7\DR7
16:56:25.0279 2180 \Device\Harddisk7\DR7 - ok
16:56:25.0280 2180 ================ Scan VBR ==================================
16:56:25.0292 2180 [ ADA53843539F8335D503404A1FCE83A1 ] \Device\Harddisk0\DR0\Partition1
16:56:25.0294 2180 \Device\Harddisk0\DR0\Partition1 - ok
16:56:25.0321 2180 [ F1FAD39150FD7D4EAF1AD77037D74A80 ] \Device\Harddisk1\DR1\Partition1
16:56:25.0323 2180 \Device\Harddisk1\DR1\Partition1 - ok
16:56:25.0350 2180 [ D4652CCD7185A3BBC1C3BAED7DDE6310 ] \Device\Harddisk2\DR2\Partition1
16:56:25.0352 2180 \Device\Harddisk2\DR2\Partition1 - ok
16:56:25.0355 2180 [ AD090AF179F3B5504CCFAD225B523169 ] \Device\Harddisk7\DR7\Partition1
16:56:25.0357 2180 \Device\Harddisk7\DR7\Partition1 - ok
16:56:25.0357 2180 ============================================================
16:56:25.0357 2180 Scan finished
16:56:25.0357 2180 ============================================================
16:56:25.0364 3440 Detected object count: 7
16:56:25.0364 3440 Actual detected object count: 7
16:57:00.0887 3440 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0887 3440 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0887 3440 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0887 3440 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0888 3440 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0888 3440 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0889 3440 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0889 3440 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0890 3440 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0890 3440 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0890 3440 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0890 3440 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0891 3440 Sound Blaster MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0891 3440 Sound Blaster MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:11.0493 2584 Deinitialize success

markusg · 25.01.2013, 17:02

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Chris2 · 25.01.2013, 18:26

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-01-24.02 - Chris 25.01.2013  18:05:01.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.8190.5148 [GMT 1:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
D:\install.exe
D:\Unwise32.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-25 bis 2013-01-25  ))))))))))))))))))))))))))))))
.
.
2013-01-25 21:41 . 2013-01-25 21:41	--------	d-----w-	C:\_OTL
2013-01-25 17:13 . 2013-01-25 17:16	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2013-01-10 16:45 . 2012-11-20 04:22	204288	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-10 16:45 . 2012-11-20 04:21	253952	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-10 16:45 . 2012-11-23 01:54	2770432	----a-w-	c:\windows\system32\win32k.sys
2013-01-10 16:45 . 2012-11-22 04:22	456192	----a-w-	c:\windows\system32\shlwapi.dll
2013-01-10 16:45 . 2012-11-02 10:47	1869824	----a-w-	c:\windows\system32\msxml3.dll
2013-01-10 16:45 . 2012-11-02 10:47	1794560	----a-w-	c:\windows\system32\msxml6.dll
2013-01-10 16:45 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-10 16:45 . 2012-11-02 10:19	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 13:40 . 2006-11-02 12:35	67599240	----a-w-	c:\windows\system32\mrt.exe
2012-12-16 13:31 . 2012-12-24 07:18	48128	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-24 07:18	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-24 07:18	368128	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-24 07:18	293376	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-11-14 07:06 . 2012-12-14 16:50	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 16:50	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 16:50	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 16:50	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 16:50	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 16:50	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 16:50	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 16:50	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 16:50	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 16:50	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 16:50	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 16:50	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 16:50	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 16:50	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 16:50	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 16:50	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 16:50	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 16:50	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 16:50	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 16:50	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 16:50	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 16:50	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 16:34	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 16:34	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 16:34	477696	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 16:34	68096	----a-w-	c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 16:34	376320	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 16:34	26112	----a-w-	c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 16:34	23040	----a-w-	c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Steam"="d:\steam\steam.exe" [2012-12-08 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-06-11 3695416]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-26 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\erecoveryui.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\googleupdater.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\javaw.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\javaws.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ntunecmd.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nvprofile.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"PlayMovie"="c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"iTunesHelper"="d:\itunes\iTunesHelper.exe"
"QuickTime Task"="D:\QTTask.exe" -atboottime
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
.
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 17:51]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-07 21:01]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-07 21:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-29 5682688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 374808]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 3040280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://de.intl.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 23:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-25  18:24:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-25 17:24
.
Vor Suchlauf: 19 Verzeichnis(se), 45.715.165.184 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 44.904.841.216 Bytes frei
.
- - End Of File - - D314CE4EC408F5344CDADF744DD36E3E

--- --- ---

hi
danke für deine hilfe, hat echt super geklappt.

hätte da noch 3 fragen: mit was war jetzt mein pc befallen? und mit was kann ich mich in zukunft am besten davor schützen?

und was ist mit den ausgeschnittenen objekten bei mir auf dem pc? kann ich die löschen?

danke im vorraus

22.01.2013, 18:45	#4
markusg /// Malware-holic	Kann nicht auf Desktop zugreifen! lasse solche zwischenposts weg, und mach einfach wenn du Zeit hast __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

24.01.2013, 12:40	#6
markusg /// Malware-holic	Kann nicht auf Desktop zugreifen! hi versuchs mal ohne das Script von oben __________________ --> Kann nicht auf Desktop zugreifen!

25.01.2013, 16:38	#10
markusg /// Malware-holic	Kann nicht auf Desktop zugreifen! dann tippe den fix per hand ein __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Kann nicht auf Desktop zugreifen!

Plagegeister aller Art und deren Bekämpfung: Kann nicht auf Desktop zugreifen!