Trojaner-Board

nighthunter 06.06.2012 14:51

Windows Update Ukash virus... it got me too. Here are the log files...

The virus got me too. It's the new one, i.e. the Windows Update Ukash virus. I've followed the instructions so far and created the log files.
What's the next step?

Files attached.

Hoping for quick help. Thanks in advance.
Regards, Günni

cosinus 08.06.2012 13:53

Quote:

Boot Mode: SafeMode with Networking |
Well, if that mode works, you'll first routinely run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

nighthunter 09.06.2012 01:15

OK, I've now run the scans and followed everything. Here are the results:

Result of the full scan with Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Günter :: GÜNTER-NOTEBOOK [Administrator]

Schutz: Deaktiviert

08.06.2012 17:24:13
mbam-log-2012-06-09 (00-41-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381836
Laufzeit: 54 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\SWIP Bp.scr (Trojan.Downloader) -> Keine Aktion durchgeführt.

(Ende)


and here is the result from the ESET Online Scanner

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e48de51f3e759141b1a5265420fb4471
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 12:03:01
# local_time=2012-06-09 02:03:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 10147503 10147503 0 0
# compatibility_mode=5892 16776573 100 100 23502 176728652 0 0
# compatibility_mode=8192 67108863 100 0 26620 26620 0 0
# scanned=120405
# found=0
# cleaned=0
# scan_time=4257

I've also added both as attachments again. I hope you can do something with them and my PC will soon be clean again.
By the way, my Thunderbird hasn't worked since the virus. Only the search window opens, and in the "background", like a shadow, the bar at the top with Start etc. But I can't click on it.

cosinus 09.06.2012 22:59

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all logs for every scan are also listed in the "Logdateien" (log files) tab. Please post all that are visible there.

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do so now if you haven't already!
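
The check described in the post above (detections still marked "Keine Aktion durchgeführt" / "No action taken"), as an added example that is not part of the original thread: a small parser for the Malwarebytes log layout quoted earlier that lists detections without a recorded removal and flags sections whose declared count does not match the pasted entries. The sample log is constructed from the two findings in the thread plus one invented entry; the wording of its removal status is an assumption.

```python
import re
from dataclasses import dataclass

# Status strings quoted in this thread that mean "detected but not removed".
NO_ACTION = {"Keine Aktion durchgeführt.", "No action taken."}

# Section header as in the quoted log, e.g. "Infizierte Dateien: 1".
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+?): (?P<count>\d+)$")
# Finding line: "<object> (<detection name>) -> <status>".
# The greedy object part lets paths that contain parentheses parse correctly.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<status>.+)$")


@dataclass
class Finding:
    section: str
    item: str
    detection: str
    status: str

    @property
    def remediated(self):
        # Anything other than an explicit "no action" status counts as handled.
        return self.status not in NO_ACTION


def parse_mbam_log(text):
    """Return (findings, declared_counts) for a Malwarebytes 1.x style log."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        entry = ENTRY_RE.match(line)
        if entry and section is not None:
            # The status is whatever follows the last " -> " on the line.
            status = entry["status"].rsplit(" -> ", 1)[-1].strip()
            findings.append(
                Finding(section, entry["item"], entry["detection"], status)
            )
    return findings, declared


def triage(text):
    """Return (unremediated findings, {section: (declared, parsed)} mismatches)."""
    findings, declared = parse_mbam_log(text)
    parsed = {}
    for f in findings:
        parsed[f.section] = parsed.get(f.section, 0) + 1
    mismatches = {
        name: (count, parsed.get(name, 0))
        for name, count in declared.items()
        if count != parsed.get(name, 0)
    }
    pending = [f for f in findings if not f.remediated]
    return pending, mismatches


# Constructed sample: the first two findings are the ones from the log above,
# the third entry (path, detection name and status wording) is invented.
SAMPLE_LOG = r"""Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Windows\SWIP Bp.scr (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Programme (x86)\Beispiel\demo.exe (Beispiel.Fund) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

if __name__ == "__main__":
    pending, mismatches = triage(SAMPLE_LOG)
    for f in pending:
        print(f"NOT REMOVED [{f.section}] {f.item} ({f.detection})")
    for name, (want, got) in mismatches.items():
        print(f"INCOMPLETE PASTE [{name}] declared {want}, found {got}")
```

A log whose findings all show "no action" was saved before the removal step ran, so it says nothing about whether the objects are still on disk; a rescan log is the evidence that they are gone.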

nighthunter 10.06.2012 00:12

Hello Arne, I haven't run a scan with Malwarebytes in the past. So this is the first scan, and I've pasted everything that was in the log here. Did I do something wrong?
Malwarebytes also found two things, which I then deleted with Malwarebytes as described.

cosinus 10.06.2012 00:38

It was simply a question of whether you had scanned with Malwarebytes before :(

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

nighthunter 10.06.2012 10:05

No offence meant; I'm actually not that good with PC stuff like this. No hard feelings. To your questions:

1. Normal mode doesn't really work. I can boot the computer normally, but as soon as I try to start anything (e.g. Firefox) or open a folder, it stops responding. The mouse shows the hourglass and otherwise, whatever I do, it doesn't respond. The computer doesn't even respond to Ctrl-Alt-Del then.
By the way, that wasn't the case before the scan with Malwarebytes and ESET. Back then I could still get on the Internet and fire up Winamp.

2. In the Start menu everything actually looks fine; I'm not missing anything there. There are 1 or 2 empty folders, but I think that's OK. One is from Codemasters (I uninstalled that game) and one folder is called "Deep Silver"; it's empty and I don't know what to do with it.

Regards, Günni

cosinus 10.06.2012 16:10

Please create a new OTL log. Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


nighthunter 10.06.2012 18:04

Hi, so here is the new log:

Code:

OTL logfile created on: 10.06.2012 18:44:46 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = D:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,04% Memory free
6,19 Gb Paging File | 5,91 Gb Available in Paging File | 95,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 66,94 Gb Free Space | 60,07% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 48,86 Gb Free Space | 45,28% Space Free | Partition Type: NTFS
 
Computer Name: GÜNTER-NOTEBOOK | User Name: Günter | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.10 18:35:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL(1).exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\nvvsvc.exe -- (nvsvc)
SRV - File not found [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2012.05.09 10:18:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 10:18:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 18:47:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.09.26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- D:\4.Programme\eigen installierte Programme\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.09 10:18:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 10:18:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.12 11:56:23 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.10.12 11:56:23 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.09.14 23:16:40 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.17 02:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.20 19:30:44 | 000,223,432 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.06.29 09:16:48 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.09.07 17:21:02 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.09.07 17:21:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.05.27 19:33:58 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2008.04.12 02:58:25 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.05 09:25:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 09:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.10.23 12:09:48 | 000,027,776 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\habu.sys -- (HabuFltr)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2965497&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 18:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.30 21:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components [2012.01.17 19:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.05.14 14:35:15 | 000,000,000 | ---D | M]
 
[2009.05.11 15:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Extensions
[2009.05.11 15:20:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.25 23:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Firefox\Profiles\hypg6nzk.default\extensions
[2011.05.14 14:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Günter\AppData\Roaming\mozilla\Firefox\Profiles\hypg6nzk.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.12.19 13:57:15 | 000,000,933 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\11-suche.xml
[2011.12.19 13:57:15 | 000,002,419 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 13:57:15 | 000,010,525 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\gmx-suche.xml
[2011.12.19 13:57:15 | 000,002,457 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\lastminute.xml
[2008.05.31 16:47:07 | 000,002,386 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\siteadvisor.xml
[2011.12.19 13:57:15 | 000,005,508 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\searchplugins\webde-suche.xml
[2012.02.24 18:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.05.30 11:36:37 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
File not found (No name found) -- C:\USERS\GüNTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYPG6NZK.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI
File not found (No name found) -- C:\USERS\GüNTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYPG6NZK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\GüNTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYPG6NZK.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.05.03 18:47:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.06.01 13:22:18 | 000,874,008 | ---- | M] (ParallelGraphics) -- C:\Program Files\mozilla firefox\plugins\npCortona.dll
[2012.02.20 18:27:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2012.02.12 18:27:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 18:27:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 18:27:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 18:27:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 18:27:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 18:27:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Habu] C:\Programme\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Users\Günter\QTTask.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000..\Run: [AeroSnap] D:\4.Programme\eigen installierte Programme\aerosnap desktop tool\AeroSnap\AeroSnap.exe ()
O4 - Startup: C:\Users\Günter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar - Verknüpfung.lnk = C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15412A61-51FE-461E-B6F2-C96B014BA952}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Günter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 18:35:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL(1).exe
[2012.06.08 17:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.08 17:28:09 | 002,322,184 | ---- | C] (ESET) -- D:\Desktop\esetsmartinstaller_enu.exe
[2012.06.08 17:10:12 | 000,000,000 | ---D | C] -- C:\Users\Günter\AppData\Roaming\Malwarebytes
[2012.06.08 17:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.08 17:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.08 17:09:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.08 17:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.08 17:07:18 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.06 14:57:01 | 000,596,480 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.06.05 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2012.05.23 14:24:29 | 000,000,000 | ---D | C] -- D:\Desktop\satio
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 18:35:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL(1).exe
[2012.06.10 10:40:24 | 000,632,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.10 10:40:24 | 000,591,262 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.10 10:40:24 | 000,127,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.10 10:40:24 | 000,105,142 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.10 10:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 10:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7BF11216-F512-47D3-8ED4-37E904FB2D1E}.job
[2012.06.10 10:28:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.06.10 10:28:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.10 10:28:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 10:28:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 01:21:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.10 01:11:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 00:49:09 | 002,322,184 | ---- | M] (ESET) -- D:\Desktop\esetsmartinstaller_enu.exe
[2012.06.08 17:09:37 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.08 17:07:32 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.07 14:54:44 | 000,001,356 | ---- | M] () -- C:\Users\Günter\AppData\Local\d3d9caps.dat
[2012.06.06 21:16:00 | 000,092,672 | ---- | M] () -- C:\Users\Günter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.06 15:01:41 | 000,302,592 | ---- | M] () -- D:\Desktop\rg6lxw0i.exe
[2012.06.06 14:57:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2012.06.06 14:55:51 | 000,000,000 | ---- | M] () -- C:\Users\Günter\defogger_reenable
[2012.06.06 14:54:28 | 000,050,477 | ---- | M] () -- D:\Desktop\Defogger.exe
[2012.06.03 02:06:43 | 008,650,698 | ---- | M] () -- D:\Desktop\Linkin Park -- BURN IT DOWN (RAC mix).mp3
[2012.05.31 14:11:45 | 006,030,580 | ---- | M] () -- D:\Desktop\Fun. - We Are Young (feat. Janelle Monáe).mp3
[2012.05.31 14:11:41 | 006,423,798 | ---- | M] () -- D:\Desktop\Of Monsters and Men - Little Talks.mp3
[2012.05.31 14:11:32 | 004,979,960 | ---- | M] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers)(1).mp3
[2012.05.31 14:11:24 | 004,719,837 | ---- | M] () -- D:\Desktop\Train - Drive By.mp3
[2012.05.31 14:11:16 | 005,080,306 | ---- | M] () -- D:\Desktop\Nicki Minaj - Starships.mp3
[2012.05.31 14:11:09 | 004,981,979 | ---- | M] () -- D:\Desktop\Pitbull - Back In Time (feat. in MIB3).mp3
[2012.05.31 14:11:00 | 006,423,780 | ---- | M] () -- D:\Desktop\Gossip - Perfect World.mp3
[2012.05.31 14:10:49 | 006,882,533 | ---- | M] () -- D:\Desktop\Lana Del Rey - Born to Die.mp3
[2012.05.31 14:10:37 | 004,293,853 | ---- | M] () -- D:\Desktop\DJane HouseKat - My Party (feat. Rameez).mp3
[2012.05.31 14:10:25 | 005,395,687 | ---- | M] () -- D:\Desktop\Lykke Li - I Follow Rivers.mp3
[2012.05.31 14:10:17 | 004,752,621 | ---- | M] () -- D:\Desktop\Emeli Sandé - Next to Me.mp3
[2012.05.30 19:56:18 | 000,012,677 | ---- | M] () -- C:\Users\Günter\tyjqAqjUVUVdfLo
[2012.05.30 19:46:57 | 001,387,753 | ---- | M] () -- D:\Desktop\DSC_0013.JPG
[2012.05.30 19:46:36 | 001,663,402 | ---- | M] () -- D:\Desktop\DSC_0014.JPG
[2012.05.30 19:46:09 | 000,785,567 | ---- | M] () -- D:\Desktop\DSC_0015.JPG
[2012.05.27 12:23:29 | 005,899,499 | ---- | M] () -- D:\Desktop\Rihanna - Where Have You Been.mp3
[2012.05.19 15:36:07 | 006,161,646 | ---- | M] () -- D:\Desktop\Alex Clare - Too Close.mp3
[2012.05.19 15:35:52 | 004,965,624 | ---- | M] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers).mp3
[2012.05.19 15:35:31 | 005,276,900 | ---- | M] () -- D:\Desktop\Culcha Candela - Von Alleine.mp3
[2012.05.19 15:35:28 | 005,440,751 | ---- | M] () -- D:\Desktop\Taio Cruz - There She Goes (Feat . Pitbull).mp3
[2012.05.12 10:27:56 | 000,310,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.08 17:09:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.06 15:01:40 | 000,302,592 | ---- | C] () -- D:\Desktop\rg6lxw0i.exe
[2012.06.06 14:55:51 | 000,000,000 | ---- | C] () -- C:\Users\Günter\defogger_reenable
[2012.06.06 14:54:28 | 000,050,477 | ---- | C] () -- D:\Desktop\Defogger.exe
[2012.06.03 02:06:18 | 008,650,698 | ---- | C] () -- D:\Desktop\Linkin Park -- BURN IT DOWN (RAC mix).mp3
[2012.05.31 14:11:34 | 006,030,580 | ---- | C] () -- D:\Desktop\Fun. - We Are Young (feat. Janelle Monáe).mp3
[2012.05.31 14:11:26 | 006,423,798 | ---- | C] () -- D:\Desktop\Of Monsters and Men - Little Talks.mp3
[2012.05.31 14:11:21 | 004,979,960 | ---- | C] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers)(1).mp3
[2012.05.31 14:11:16 | 004,719,837 | ---- | C] () -- D:\Desktop\Train - Drive By.mp3
[2012.05.31 14:11:10 | 005,080,306 | ---- | C] () -- D:\Desktop\Nicki Minaj - Starships.mp3
[2012.05.31 14:11:04 | 004,981,979 | ---- | C] () -- D:\Desktop\Pitbull - Back In Time (feat. in MIB3).mp3
[2012.05.31 14:10:52 | 006,423,780 | ---- | C] () -- D:\Desktop\Gossip - Perfect World.mp3
[2012.05.31 14:10:41 | 006,882,533 | ---- | C] () -- D:\Desktop\Lana Del Rey - Born to Die.mp3
[2012.05.31 14:10:34 | 004,293,853 | ---- | C] () -- D:\Desktop\DJane HouseKat - My Party (feat. Rameez).mp3
[2012.05.31 14:10:19 | 005,395,687 | ---- | C] () -- D:\Desktop\Lykke Li - I Follow Rivers.mp3
[2012.05.31 14:10:11 | 004,752,621 | ---- | C] () -- D:\Desktop\Emeli Sandé - Next to Me.mp3
[2012.05.30 19:46:57 | 001,387,753 | ---- | C] () -- D:\Desktop\DSC_0013.JPG
[2012.05.30 19:46:37 | 001,663,402 | ---- | C] () -- D:\Desktop\DSC_0014.JPG
[2012.05.30 19:46:10 | 000,785,567 | ---- | C] () -- D:\Desktop\DSC_0015.JPG
[2012.05.27 12:23:19 | 005,899,499 | ---- | C] () -- D:\Desktop\Rihanna - Where Have You Been.mp3
[2012.05.19 15:35:55 | 006,161,646 | ---- | C] () -- D:\Desktop\Alex Clare - Too Close.mp3
[2012.05.19 15:35:45 | 004,965,624 | ---- | C] () -- D:\Desktop\DJ Antoine - Ma Cherie (Feat. the Beat Shakers).mp3
[2012.05.19 15:35:20 | 005,276,900 | ---- | C] () -- D:\Desktop\Culcha Candela - Von Alleine.mp3
[2012.05.19 15:35:16 | 005,440,751 | ---- | C] () -- D:\Desktop\Taio Cruz - There She Goes (Feat . Pitbull).mp3
[2011.11.19 08:10:21 | 000,000,144 | ---- | C] () -- C:\Windows\wiso.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.19 00:15:33 | 000,000,001 | ---- | C] () -- C:\Windows\System32\krx240.dat
 
========== LOP Check ==========
 
[2008.06.15 02:37:10 | 000,000,000 | -HSD | M] -- C:\Users\Günter\AppData\Roaming\.#
[2008.06.03 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer
[2012.06.06 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer GameZone Console
[2009.12.27 20:39:46 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\AeroSnapApp
[2012.03.05 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Amazon
[2011.03.02 07:24:04 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Bump Technologies, Inc
[2012.06.06 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Desktop Sidebar
[2012.06.06 14:07:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DriverCure
[2010.06.04 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\elsterformular
[2008.06.05 08:29:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\eSobi
[2009.05.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FairStars CD Ripper
[2009.11.20 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\GetRightToGo
[2012.05.30 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\gtk-2.0
[2012.06.06 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IcoFX
[2010.12.19 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Kristanix Software
[2009.12.21 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Leadertech
[2010.10.23 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Macro Recorder
[2009.04.04 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NAVIGON
[2009.05.18 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NCH Swift Sound
[2012.01.21 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Need for Speed World
[2009.02.09 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenOffice.org
[2012.06.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2010.04.24 05:57:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Razer
[2010.10.07 07:29:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Sony
[2008.11.30 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Steganos
[2008.05.28 03:17:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Template
[2009.05.11 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Thunderbird
[2009.11.20 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TrueCrypt
[2009.06.08 17:08:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TuneUp Software
[2008.05.27 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Validity
[2012.06.10 01:21:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.10 10:30:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7BF11216-F512-47D3-8ED4-37E904FB2D1E}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.15 02:37:10 | 000,000,000 | -HSD | M] -- C:\Users\Günter\AppData\Roaming\.#
[2008.06.03 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer
[2012.06.06 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Acer GameZone Console
[2011.12.03 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Adobe
[2009.12.27 20:39:46 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\AeroSnapApp
[2012.03.05 17:43:33 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Amazon
[2011.01.26 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Apple Computer
[2012.02.12 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Avira
[2011.03.02 07:24:04 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Bump Technologies, Inc
[2008.06.10 16:09:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\CyberLink
[2012.06.06 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Desktop Sidebar
[2012.06.06 14:07:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\DriverCure
[2011.01.30 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\dvdcss
[2010.06.04 12:09:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\elsterformular
[2008.06.05 08:29:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\eSobi
[2009.05.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\FairStars CD Ripper
[2009.11.20 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\GetRightToGo
[2008.05.30 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Google
[2012.05.30 19:56:18 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\gtk-2.0
[2012.06.06 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\IcoFX
[2008.05.27 12:40:14 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Identities
[2010.04.16 06:54:01 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\InstallShield
[2010.12.19 00:15:25 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Kristanix Software
[2009.12.21 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Leadertech
[2010.10.23 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Macro Recorder
[2008.05.27 12:40:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Macromedia
[2012.06.08 17:10:12 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Media Center Programs
[2011.12.03 19:56:28 | 000,000,000 | --SD | M] -- C:\Users\Günter\AppData\Roaming\Microsoft
[2008.12.16 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Mozilla
[2009.04.04 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NAVIGON
[2009.05.18 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\NCH Swift Sound
[2012.01.21 13:28:52 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Need for Speed World
[2009.12.21 20:25:02 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Nero
[2009.02.09 21:12:22 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenOffice.org
[2009.04.01 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\OpenOffice.org2
[2012.06.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2010.04.24 05:57:39 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Razer
[2008.10.28 14:24:26 | 000,000,000 | RH-D | M] -- C:\Users\Günter\AppData\Roaming\SecuROM
[2010.10.07 07:29:28 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Sony
[2008.11.30 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Steganos
[2008.05.30 11:40:38 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Talkback
[2008.05.28 03:17:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Template
[2009.05.11 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Thunderbird
[2009.11.20 19:38:05 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TrueCrypt
[2009.06.08 17:08:35 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\TuneUp Software
[2008.05.27 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Validity
[2008.10.29 22:22:37 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\vlc
[2011.12.16 17:24:53 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Winamp
[2008.12.30 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\WinRAR
[2008.05.28 03:22:57 | 000,000,000 | ---D | M] -- C:\Users\Günter\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.03.21 21:40:01 | 000,158,000 | ---- | M] () -- C:\Users\Günter\AppData\Roaming\Thunderbird\Profiles\r6jncpu2.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.06.16 08:03:29 | 001,495,112 | ---- | M] () -- C:\install_flash_player.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E

< End of report >


cosinus 10.06.2012 18:53

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2965497
IE - HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2965497&SearchSource=2&q="
FF - user.js - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.06.05 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Günter\AppData\Roaming\Pagrgr
[2008.06.15 02:37:10 | 000,000,000 | -HSD | M] -- C:\Users\Günter\AppData\Roaming\.#
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

nighthunter 10.06.2012 19:02

OK, I've done that:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Programme\Winload\prxtbWinl.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2926146690-4048877207-2457611769-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2965497&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Günter\AppData\Roaming\Pagrgr folder moved successfully.
C:\Users\Günter\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Application Data
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Günter
->Temp folder emptied: 22721550 bytes
->Temporary Internet Files folder emptied: 27329589 bytes
->Java cache emptied: 13333822 bytes
->FireFox cache emptied: 140230054 bytes
->Flash cache emptied: 53279 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8012082 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 334823 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 36750616 bytes
RecycleBin emptied: 4822242 bytes
 
Total Files Cleaned = 243,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Application Data
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Günter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06102012_195555

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 10.06.2012 19:07

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

nighthunter 10.06.2012 21:53

Right, done. Here is the report from TDSS Killer:

Code:

22:47:03.0206 4992        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:47:03.0942 4992        ============================================================
22:47:03.0942 4992        Current date / time: 2012/06/10 22:47:03.0942
22:47:03.0942 4992        SystemInfo:
22:47:03.0942 4992       
22:47:03.0942 4992        OS Version: 6.0.6002 ServicePack: 2.0
22:47:03.0942 4992        Product type: Workstation
22:47:03.0943 4992        ComputerName: GÜNTER-NOTEBOOK
22:47:03.0943 4992        UserName: Günter
22:47:03.0943 4992        Windows directory: C:\Windows
22:47:03.0943 4992        System windows directory: C:\Windows
22:47:03.0943 4992        Processor architecture: Intel x86
22:47:03.0943 4992        Number of processors: 2
22:47:03.0943 4992        Page size: 0x1000
22:47:03.0943 4992        Boot type: Normal boot
22:47:03.0943 4992        ============================================================
22:47:05.0519 4992        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:47:05.0523 4992        ============================================================
22:47:05.0523 4992        \Device\Harddisk0\DR0:
22:47:05.0524 4992        MBR partitions:
22:47:05.0524 4992        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
22:47:05.0524 4992        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xD7CC800
22:47:05.0524 4992        ============================================================
22:47:05.0555 4992        C: <-> \Device\Harddisk0\DR0\Partition0
22:47:05.0896 4992        D: <-> \Device\Harddisk0\DR0\Partition1
22:47:05.0897 4992        ============================================================
22:47:05.0897 4992        Initialize success
22:47:05.0897 4992        ============================================================
22:48:40.0356 5552        ============================================================
22:48:40.0356 5552        Scan started
22:48:40.0356 5552        Mode: Manual; SigCheck; TDLFS;
22:48:40.0356 5552        ============================================================
22:49:07.0823 5552        clr_optimization_v2.0.50727_32 - ok
22:49:07.0895 5552        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:07.0982 5552        CmBatt - ok
22:49:08.0128 5552        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:49:08.0171 5552        cmdide - ok
22:49:08.0200 5552        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:49:08.0231 5552        Compbatt - ok
22:49:08.0247 5552        COMSysApp - ok
22:49:08.0323 5552        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:49:08.0357 5552        crcdisk - ok
22:49:08.0402 5552        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:49:08.0497 5552        Crusoe - ok
22:49:08.0619 5552        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:49:08.0728 5552        CryptSvc - ok
22:49:08.0863 5552        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:49:08.0959 5552        DcomLaunch - ok
22:49:09.0062 5552        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:49:09.0137 5552        DfsC - ok
22:49:09.0564 5552        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:49:09.0862 5552        DFSR - ok
22:49:10.0148 5552        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:49:10.0285 5552        Dhcp - ok
22:49:10.0385 5552        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:49:10.0418 5552        disk - ok
22:49:10.0477 5552        DKbFltr        (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
22:49:10.0503 5552        DKbFltr - ok
22:49:10.0568 5552        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:49:10.0662 5552        Dnscache - ok
22:49:10.0806 5552        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:49:10.0908 5552        dot3svc - ok
22:49:11.0027 5552        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:49:11.0101 5552        DPS - ok
22:49:11.0240 5552        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
22:49:11.0264 5552        DritekPortIO - ok
22:49:11.0354 5552        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:49:11.0425 5552        drmkaud - ok
22:49:11.0511 5552        DXGKrnl        (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:49:11.0620 5552        DXGKrnl - ok
22:49:11.0726 5552        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:49:11.0846 5552        E1G60 - ok
22:49:11.0907 5552        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:49:11.0972 5552        EapHost - ok
22:49:12.0081 5552        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:49:12.0128 5552        Ecache - ok
22:49:12.0296 5552        eDataSecurity Service (b7dc2580425225c320ceda78de55a3d0) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
22:49:12.0376 5552        eDataSecurity Service - ok
22:49:12.0473 5552        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:49:12.0583 5552        ehRecvr - ok
22:49:12.0641 5552        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:49:12.0715 5552        ehSched - ok
22:49:12.0749 5552        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:49:12.0797 5552        ehstart - ok
22:49:13.0135 5552        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:49:13.0210 5552        elxstor - ok
22:49:13.0359 5552        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:49:13.0482 5552        EMDMgmt - ok
22:49:13.0526 5552        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:49:13.0602 5552        ErrDev - ok
22:49:13.0768 5552        ETService      (58d906d84cc2e303c754ac7314595d3c) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
22:49:13.0836 5552        ETService ( UnsignedFile.Multi.Generic ) - warning
22:49:13.0836 5552        ETService - detected UnsignedFile.Multi.Generic (1)
22:49:13.0901 5552        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:49:13.0997 5552        EventSystem - ok
22:49:14.0063 5552        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:49:14.0128 5552        exfat - ok
22:49:14.0186 5552        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:49:14.0265 5552        fastfat - ok
22:49:14.0319 5552        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:49:14.0399 5552        fdc - ok
22:49:14.0449 5552        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:49:14.0516 5552        fdPHost - ok
22:49:14.0544 5552        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:49:14.0685 5552        FDResPub - ok
22:49:14.0770 5552        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:49:14.0805 5552        FileInfo - ok
22:49:14.0843 5552        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:49:14.0944 5552        Filetrace - ok
22:49:14.0981 5552        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:49:15.0063 5552        flpydisk - ok
22:49:15.0118 5552        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:49:15.0181 5552        FltMgr - ok
22:49:15.0419 5552        FontCache      (d49705f25390265cad9b620f55ea968c) C:\Windows\system32\FntCache.dll
22:49:15.0545 5552        FontCache - ok
22:49:15.0650 5552        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:49:15.0679 5552        FontCache3.0.0.0 - ok
22:49:15.0848 5552        FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) D:\4.Programme\eigen installierte Programme\Sync\FreeAgentService.exe
22:49:15.0875 5552        FreeAgentGoNext Service - ok
22:49:15.0940 5552        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:49:16.0009 5552        Fs_Rec - ok
22:49:16.0050 5552        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:49:16.0081 5552        gagp30kx - ok
22:49:16.0130 5552        ggflt          (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
22:49:16.0153 5552        ggflt - ok
22:49:16.0209 5552        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
22:49:16.0231 5552        ggsemc - ok
22:49:16.0352 5552        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:49:16.0450 5552        gpsvc - ok
22:49:16.0629 5552        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:49:16.0654 5552        gupdate - ok
22:49:16.0662 5552        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:49:16.0690 5552        gupdatem - ok
22:49:16.0775 5552        HabuFltr        (828b3fd539b77d69fcce0c710101e91e) C:\Windows\system32\drivers\habu.sys
22:49:16.0844 5552        HabuFltr - ok
22:49:16.0962 5552        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:49:17.0099 5552        HdAudAddService - ok
22:49:17.0267 5552        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:49:17.0345 5552        HDAudBus - ok
22:49:17.0382 5552        HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
22:49:17.0428 5552        HidBth - ok
22:49:17.0473 5552        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
22:49:17.0520 5552        HidIr - ok
22:49:17.0563 5552        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
22:49:17.0644 5552        hidserv - ok
22:49:17.0665 5552        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:49:17.0737 5552        HidUsb - ok
22:49:17.0815 5552        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:49:17.0901 5552        hkmsvc - ok
22:49:18.0027 5552        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:49:18.0059 5552        HpCISSs - ok
22:49:18.0149 5552        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:49:18.0259 5552        HTTP - ok
22:49:18.0307 5552        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:49:18.0338 5552        i2omp - ok
22:49:18.0398 5552        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:49:18.0489 5552        i8042prt - ok
22:49:18.0713 5552        IAANTMON        (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:49:18.0766 5552        IAANTMON - ok
22:49:18.0831 5552        iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
22:49:18.0859 5552        iaStor - ok
22:49:18.0927 5552        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:49:18.0981 5552        iaStorV - ok
22:49:19.0169 5552        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:49:19.0285 5552        idsvc - ok
22:49:19.0315 5552        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:49:19.0344 5552        iirsp - ok
22:49:19.0401 5552        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:49:19.0510 5552        IKEEXT - ok
22:49:19.0561 5552        int15          (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
22:49:19.0590 5552        int15 ( UnsignedFile.Multi.Generic ) - warning
22:49:19.0590 5552        int15 - detected UnsignedFile.Multi.Generic (1)
22:49:19.0896 5552        IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
22:49:20.0097 5552        IntcAzAudAddService - ok
22:49:20.0379 5552        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:49:20.0408 5552        intelide - ok
22:49:20.0461 5552        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:49:20.0557 5552        intelppm - ok
22:49:20.0619 5552        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:49:20.0706 5552        IPBusEnum - ok
22:49:20.0744 5552        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:49:20.0834 5552        IpFilterDriver - ok
22:49:20.0948 5552        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:49:21.0051 5552        iphlpsvc - ok
22:49:21.0065 5552        IpInIp - ok
22:49:21.0117 5552        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:49:21.0185 5552        IPMIDRV - ok
22:49:21.0282 5552        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:49:21.0351 5552        IPNAT - ok
22:49:21.0378 5552        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:49:21.0460 5552        IRENUM - ok
22:49:21.0502 5552        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:49:21.0548 5552        isapnp - ok
22:49:21.0616 5552        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:49:21.0657 5552        iScsiPrt - ok
22:49:21.0740 5552        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:49:21.0774 5552        iteatapi - ok
22:49:21.0815 5552        itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
22:49:21.0893 5552        itecir - ok
22:49:21.0937 5552        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:49:21.0969 5552        iteraid - ok
22:49:22.0031 5552        JMCR            (8123f605779db22ffc67fa84b8381803) C:\Windows\system32\DRIVERS\jmcr.sys
22:49:22.0117 5552        JMCR - ok
22:49:22.0154 5552        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:49:22.0188 5552        kbdclass - ok
22:49:22.0228 5552        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:49:22.0291 5552        kbdhid - ok
22:49:22.0340 5552        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:49:22.0412 5552        KeyIso - ok
22:49:22.0474 5552        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:49:22.0590 5552        KSecDD - ok
22:49:22.0661 5552        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:49:22.0774 5552        KtmRm - ok
22:49:22.0848 5552        L1E            (03afb2705e68703e165cd817779b472f) C:\Windows\system32\DRIVERS\L1E60x86.sys
22:49:22.0913 5552        L1E - ok
22:49:22.0958 5552        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
22:49:23.0035 5552        LanmanServer - ok
22:49:23.0110 5552        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:49:23.0196 5552        LanmanWorkstation - ok
22:49:23.0366 5552        LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:49:23.0377 5552        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:49:23.0377 5552        LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:49:23.0463 5552        lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
22:49:23.0492 5552        lirsgt - ok
22:49:23.0529 5552        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:49:23.0585 5552        lltdio - ok
22:49:23.0669 5552        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:49:23.0770 5552        lltdsvc - ok
22:49:23.0818 5552        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:49:23.0939 5552        lmhosts - ok
22:49:23.0989 5552        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:49:24.0021 5552        LSI_FC - ok
22:49:24.0053 5552        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:49:24.0087 5552        LSI_SAS - ok
22:49:24.0186 5552        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:49:24.0227 5552        LSI_SCSI - ok
22:49:24.0308 5552        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:49:24.0383 5552        luafv - ok
22:49:24.0431 5552        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:49:24.0466 5552        MBAMProtector - ok
22:49:24.0567 5552        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:49:24.0628 5552        MBAMService - ok
22:49:24.0687 5552        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:49:24.0760 5552        Mcx2Svc - ok
22:49:24.0795 5552        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:49:24.0830 5552        megasas - ok
22:49:24.0916 5552        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:49:24.0975 5552        MegaSR - ok
22:49:25.0014 5552        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:49:25.0092 5552        MMCSS - ok
22:49:25.0132 5552        MobilityService - ok
22:49:25.0165 5552        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:49:25.0259 5552        Modem - ok
22:49:25.0318 5552        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:49:25.0375 5552        monitor - ok
22:49:25.0432 5552        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:49:25.0470 5552        mouclass - ok
22:49:25.0484 5552        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:49:25.0545 5552        mouhid - ok
22:49:25.0571 5552        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:49:25.0604 5552        MountMgr - ok
22:49:25.0716 5552        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:49:25.0766 5552        MozillaMaintenance - ok
22:49:25.0845 5552        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:49:25.0902 5552        mpio - ok
22:49:25.0948 5552        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:49:26.0017 5552        mpsdrv - ok
22:49:26.0119 5552        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:49:26.0227 5552        MpsSvc - ok
22:49:26.0302 5552        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:49:26.0334 5552        Mraid35x - ok
22:49:26.0412 5552        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:49:26.0492 5552        MRxDAV - ok
22:49:26.0549 5552        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:49:26.0682 5552        mrxsmb - ok
22:49:26.0766 5552        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:49:26.0864 5552        mrxsmb10 - ok
22:49:26.0918 5552        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:49:26.0976 5552        mrxsmb20 - ok
22:49:27.0026 5552        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:49:27.0104 5552        msahci - ok
22:49:27.0154 5552        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:49:27.0188 5552        msdsm - ok
22:49:27.0302 5552        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:49:27.0391 5552        MSDTC - ok
22:49:27.0418 5552        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:49:27.0556 5552        Msfs - ok
22:49:27.0612 5552        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:49:27.0645 5552        msisadrv - ok
22:49:27.0745 5552        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:49:27.0849 5552        MSiSCSI - ok
22:49:27.0858 5552        msiserver - ok
22:49:27.0910 5552        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:49:27.0973 5552        MSKSSRV - ok
22:49:27.0999 5552        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:49:28.0076 5552        MSPCLOCK - ok
22:49:28.0102 5552        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:49:28.0176 5552        MSPQM - ok
22:49:28.0222 5552        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:49:28.0273 5552        MsRPC - ok
22:49:28.0313 5552        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:49:28.0347 5552        mssmbios - ok
22:49:28.0369 5552        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:49:28.0459 5552        MSTEE - ok
22:49:28.0497 5552        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:49:28.0532 5552        Mup - ok
22:49:28.0610 5552        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:49:28.0725 5552        napagent - ok
22:49:28.0850 5552        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:49:28.0920 5552        NativeWifiP - ok
22:49:29.0039 5552        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:49:29.0095 5552        NDIS - ok
22:49:29.0127 5552        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:49:29.0196 5552        NdisTapi - ok
22:49:29.0229 5552        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:49:29.0294 5552        Ndisuio - ok
22:49:29.0345 5552        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:49:29.0420 5552        NdisWan - ok
22:49:29.0476 5552        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:49:29.0532 5552        NDProxy - ok
22:49:29.0562 5552        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:49:29.0629 5552        NetBIOS - ok
22:49:29.0713 5552        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:49:29.0824 5552        netbt - ok
22:49:29.0906 5552        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:49:29.0950 5552        Netlogon - ok
22:49:30.0028 5552        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:49:30.0152 5552        Netman - ok
22:49:30.0200 5552        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:49:30.0345 5552        netprofm - ok
22:49:30.0458 5552        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:49:30.0519 5552        NetTcpPortSharing - ok
22:49:30.0995 5552        NETw4v32        (caaea35dae7f4c19db05481dac22c2ba) C:\Windows\system32\DRIVERS\NETw4v32.sys
22:49:31.0336 5552        NETw4v32 - ok
22:49:31.0545 5552        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:49:31.0573 5552        nfrd960 - ok
22:49:31.0646 5552        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:49:31.0715 5552        NlaSvc - ok
22:49:31.0766 5552        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:49:31.0836 5552        Npfs - ok
22:49:31.0859 5552        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:49:31.0970 5552        nsi - ok
22:49:32.0020 5552        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:49:32.0082 5552        nsiproxy - ok
22:49:32.0244 5552        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:49:32.0421 5552        Ntfs - ok
22:49:32.0528 5552        NTIBackupSvc    (a8b8edb4cdb2927cdc127e5bfe85ca7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:49:32.0570 5552        NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
22:49:32.0570 5552        NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
22:49:32.0816 5552        NTIDrvr        (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
22:49:32.0841 5552        NTIDrvr - ok
22:49:33.0009 5552        NTIPPKernel    (547bfa3591c70674b0bfc99354ab78b3) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
22:49:33.0072 5552        NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
22:49:33.0072 5552        NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
22:49:33.0118 5552        NTISchedulerSvc (50b1521bc145ce9634a5acd1c10d84f7) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:49:33.0169 5552        NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
22:49:33.0169 5552        NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
22:49:33.0207 5552        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:49:33.0350 5552        ntrigdigi - ok
22:49:33.0406 5552        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:49:33.0499 5552        Null - ok
22:49:35.0323 5552        nvlddmkm        (747ab0334b95e5cf91b7cf63f9005530) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:49:36.0518 5552        nvlddmkm - ok
22:49:36.0795 5552        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:49:36.0830 5552        nvraid - ok
22:49:36.0877 5552        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:49:36.0906 5552        nvstor - ok
22:49:36.0978 5552        nvsvc - ok
22:49:37.0030 5552        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:49:37.0108 5552        nv_agp - ok
22:49:37.0115 5552        NwlnkFlt - ok
22:49:37.0125 5552        NwlnkFwd - ok
22:49:37.0177 5552        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:49:37.0296 5552        ohci1394 - ok
22:49:37.0455 5552        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:49:37.0605 5552        p2pimsvc - ok
22:49:37.0618 5552        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:49:37.0694 5552        p2psvc - ok
22:49:37.0792 5552        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:49:37.0895 5552        Parport - ok
22:49:37.0938 5552        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
22:49:37.0972 5552        partmgr - ok
22:49:38.0008 5552        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:49:38.0154 5552        Parvdm - ok
22:49:38.0223 5552        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:49:38.0325 5552        PcaSvc - ok
22:49:38.0388 5552        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:49:38.0438 5552        pci - ok
22:49:38.0490 5552        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:49:38.0520 5552        pciide - ok
22:50:12.0006 5552        ============================================================
22:50:12.0006 5552        Scan finished
22:50:12.0006 5552        ============================================================
22:50:12.0061 6024        Detected object count: 10
22:50:12.0061 6024        Actual detected object count: 10
22:51:34.0359 6024        AFS ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0359 6024        AFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0363 6024        CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0363 6024        CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0366 6024        ETService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0366 6024        ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0371 6024        int15 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0371 6024        int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0373 6024        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0374 6024        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0377 6024        NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0377 6024        NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0380 6024        NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0380 6024        NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0384 6024        NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0384 6024        NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0388 6024        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0388 6024        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:51:34.0392 6024        s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
22:51:34.0392 6024        s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 11.06.2012 09:45

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

nighthunter 11.06.2012 13:43

Hi, I have now run ComboFix as described. Here is the log text:

Code:

ComboFix 12-06-10.01 - Günter 11.06.2012  14:20:59.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3069.2561 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\users\Günter\AppData\Local\kuywwao.dat
c:\users\Günter\AppData\Local\kuywwao_nav.dat
c:\users\Günter\AppData\Local\kuywwao_navps.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-11 12:26 . 2012-06-11 12:28        --------        d-----w-        c:\users\Günter\AppData\Local\temp
2012-06-11 12:26 . 2012-06-11 12:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-08 15:28 . 2012-06-08 15:28        --------        d-----w-        c:\program files\ESET
2012-06-08 15:10 . 2012-06-08 15:10        --------        d-----w-        c:\users\Günter\AppData\Roaming\Malwarebytes
2012-06-08 15:09 . 2012-06-08 15:09        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-08 15:09 . 2012-06-08 15:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-08 15:09 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-08 15:08 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C0BBE2B-1A80-4702-BCD7-47F5ECCE1543}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 09:16 . 2012-03-31 04:58        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-13 09:16 . 2011-06-08 09:04        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 08:18 . 2012-02-12 13:07        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 08:18 . 2012-02-12 13:07        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-03 08:16 . 2012-05-11 16:17        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 16:17        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-11 16:17        2044928        ----a-w-        c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-11 16:17        905600        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-11 16:17        53120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-03 16:47 . 2011-05-07 16:50        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AeroSnap"="d:\4.programme\eigen installierte Programme\aerosnap desktop tool\AeroSnap\AeroSnap.exe" [2008-12-06 886784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-04-12 3642368]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"QuickTime Task"="c:\users\Günter\QTTask.exe" [2010-11-29 421888]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-03-04 167936]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2009-08-18 239616]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-03-05 167936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Günter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sidebar - Verknüpfung.lnk - c:\program files\Windows Sidebar\sidebar.exe [2009-9-11 1233920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-12 00:58        3024384        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\Acer\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 18:54]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 18:54]
.
2012-06-11 c:\windows\Tasks\User_Feed_Synchronization-{7BF11216-F512-47D3-8ED4-37E904FB2D1E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
mLocal Page =
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Günter\AppData\Roaming\Mozilla\Firefox\Profiles\hypg6nzk.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bild.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-IcoFX_is1 - d:\programme\IcoFX 1.6\unins000.exe
AddRemove-UberIcon_is1 - d:\downloads\UberIcon\unins000.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2926146690-4048877207-2457611769-1000\Software\SecuROM\License information*]
"datasecu"=hex:0b,25,04,0b,03,72,0c,bf,7e,32,8b,45,8f,c4,07,63,d5,7c,ca,28,01,
  91,86,d5,1b,0a,db,97,df,84,75,67,19,41,67,1a,f9,c4,c5,a2,10,bd,a4,ec,37,05,\
"rkeysecu"=hex:de,cf,9f,76,91,10,12,bc,18,a8,fe,19,e7,d0,0f,90
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3868)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\vfsFPService.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
d:\4.programme\eigen installierte Programme\Sync\FreeAgentService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  14:36:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 12:35
.
Vor Suchlauf: 17 Verzeichnis(se), 71.792.431.104 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 68.102.803.456 Bytes frei
.
- - End Of File - - EBBDAD49E915C57F2797EB45DA3915E0


