Trojaner-Board - Problem mit Searchqu

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Problem mit Searchqu (https://www.trojaner-board.de/115521-problem-searchqu.html)

Problem mit Searchqu

Hallo an alle,

ich habe das gleiche Problem wie bereits einige andere User vor mir, nämlich habe ich ungewollt searchqu als Startseite und auch als Suchmaschine in der Browser-Adressleiste eingestellt. Sorry, dass ich ein neues Thema erstelle und das Forum damit zuspamme, aber das scheint hier ja sogar erwünscht zu sein ;)

Mein Virenscanner erkennt keinen Virus auf dem Rechner, auch wenn ich schon auf verschiedenen Seiten gelesen habe, dass es sich bei searchqu um einen Trojaner handeln soll.

Ich habe nicht das übliche Proggi Ilivid installiert und habe auch keinen derartigen Ordner in meinen Programmfiles, finde es bei der Suche und auch in der Systemsteuerung unter Programme nicht; ich habe allerdings einen Ordner c:\program files\windows searchqu toolbar. Deinstalliert habe ich jetzt erstmal noch nichts.

Ich habe einen OTL-Check durchgeführt, die logs findet ihr im Anhang.

Vielen Dank im Voraus für eure Hilfe!

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hey Arne und hey Rest-Board ;)

erstmal danke ich dir für deine schnelle und nette Antwort!

Mein Problem ist nun, dass ich meinen Firefox nicht mehr verwenden kann, um mir das Antivirenprogramm runterzuladen. Starte ich meinen Browser, hängt sich das Programm und mein gesamtes System gleich mit auf.

Ich habe zur Vorsicht mal in der Systemsteuerung die Wlan-Karte deaktiviert, um aus- und eingehenden Datenverkehr komplett zu unterbinden, keine Ahnung, ob das so klug ist.

Ich lade mir gerade bei einem Nachbarn malwarebytes runter und werde sobald wie möglich einen Scan ausführen. Dazu werd ich natürlich meine Wlan-Karte wieder aktivieren, um das Update auszuführen, falls jetzt niemand ausdrücklich das Gegenteil empfiehlt.

Keine Ahnung, was genau mit meinem Rechner los ist, aber ich bin auf jeden Fall an der Sache dran.

Danke nochmals für die Hilfe, Maurice

Das größere Problem, fällt mir gerade auf, ist natürlich der ESET-Online-Check, den ich leider nicht ausführen kann, wenn mein Browser nicht funktioniert.... :(

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

So. Im abgesicherten Modus hat natürlich alles wieder prächtig funktioniert. Danke für den Tipp.

Hier ist die log-file vom ersten Scan, also Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.21.04
 

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

MCDB MOBIL :: MCDB-MOBIL [Administrator]
 

Schutz: Deaktiviert
 

23.05.2012 14:01:02

mbam-log-2012-05-23 (16-12-35).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 393785

Laufzeit: 1 Stunde(n), 17 Minute(n), 33 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 4

HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Keine Aktion durchgeführt.

HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Keine Aktion durchgeführt.

HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.

HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Alle Funde habe ich vom Programm entfernen lassen.

Der ESET-Scan läuft, und zwar schon seit knapp 2 Stunden. Scheint etwas länger zu dauern; die Scan-Ergebnisse kommen, sobald er fertig ist.

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Nein, ich habe das Programm gestern installiert und erst einen Scan laufen lassen. Ich habe also nur diesen einen Scan-Log. Brauchst du auch die Protection-Logs?

Hier ist wie gewünscht und angekündigt der ESET-Scan:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7000353930c5744c8a1151aea08cd74a

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-23 02:23:06

# local_time=2012-05-23 04:23:06 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 48500461 175315392 0 0

# compatibility_mode=8192 67108863 100 0 168 168 0 0

# scanned=851

# found=0

# cleaned=0

# scan_time=296

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7000353930c5744c8a1151aea08cd74a

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-23 06:23:22

# local_time=2012-05-23 08:23:22 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 48507365 175322296 0 0

# compatibility_mode=8192 67108863 100 0 7072 7072 0 0

# scanned=206988

# found=4

# cleaned=0

# scan_time=7808

C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Users\MCDB MOBIL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

Nochmals: Vielen Dank für deine Hilfe! :dankeschoen: Was mache ich jetzt als nächstes?

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier ist das Ergebnis:

OTL Logfile:

Code:

OTL logfile created on: 24.05.2012 22:23:07 - Run 2

OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\MCDB MOBIL\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,91 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 82,67% Memory free

6,02 Gb Paging File | 5,71 Gb Available in Paging File | 94,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,17 Gb Total Space | 23,66 Gb Free Space | 16,41% Space Free | Partition Type: NTFS

Drive D: | 144,15 Gb Total Space | 9,81 Gb Free Space | 6,80% Space Free | Partition Type: NTFS

Drive E: | 146,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MCDB-MOBIL | User Name: MCDB MOBIL | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\MCDB MOBIL\Desktop\OTL.exe (OldTimer Tools)

PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\WinRAR\RarExt.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)

SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()

SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found

DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MpKsla94dd66c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla94dd66c.sys ()

DRV - (MpKsl738c0217) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl738c0217.sys ()

DRV - (MpKslcdd1db3d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKslcdd1db3d.sys ()

DRV - (MpKsl032aec9e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl032aec9e.sys ()

DRV - (MpKsla7cd4637) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla7cd4637.sys ()

DRV - (MpKsleead1a3b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsleead1a3b.sys ()

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (kx1avs) -- C:\Windows\System32\drivers\kx1avs.sys (Native Instruments GmbH)

DRV - (kx1usb_svc) -- C:\Windows\System32\drivers\kx1usb.sys (Native Instruments GmbH)

DRV - (a4djavs) -- C:\Windows\System32\drivers\a4djavs.sys (Native Instruments GmbH)

DRV - (a4djusb_svc) -- C:\Windows\System32\drivers\a4djusb.sys (Native Instruments GmbH)

DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)

DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys ()

DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys ()

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )

DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)

DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )

DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)

DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)

DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (Wibukey2) -- C:\Windows\System32\drivers\wibukey2.sys (WIBU-SYSTEMS AG)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/hxxp://www.facebook.de/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\..\SearchScopes\{545F0CC8-4BFD-4B49-86B7-60B4B97ED085}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/410"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MCDB MOBIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.08.14 04:19:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.24 18:44:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.08 16:26:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 22:23:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 00:53:30 | 000,000,000 | ---D | M]

 

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Extensions

[2012.05.21 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions

[2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml

[2011.11.30 15:19:57 | 000,001,836 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\leo-deu-ita.xml

[2011.09.01 00:24:05 | 000,002,057 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\youtube-videosuche.xml

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.12 10:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012.02.08 16:26:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

[2012.05.10 14:49:43 | 000,056,640 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI

[2012.01.06 14:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.01.01 22:22:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.03.12 10:54:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AutoRun] C:\Program Files\BEWERBUNGS-MASTER\UpdateCheck_BEWERBUNGSMASTER.exe File not found

O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found

O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57568192-B748-42B5-99E6-0F2B0A652945}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABCBB7F-92EE-48C5-A12E-BA22BE04EBB0}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)

O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)

O24 - Desktop WallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun

O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto

O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.24 22:15:50 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD

[2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002

[2012.05.23 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.05.22 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012.05.21 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes

[2012.05.21 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.21 21:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.21 21:59:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.05.21 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.21 16:25:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe

[2012.05.20 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar

[2012.05.20 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack

[2012.05.20 21:20:59 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll

[2012.05.20 21:20:58 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll

[2012.05.20 21:20:58 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll

[2012.05.20 21:20:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll

[2012.05.20 21:20:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll

[2012.05.20 21:20:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll

[2012.05.20 21:20:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll

[2012.05.20 21:20:55 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll

[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack

[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter

[2012.05.09 02:57:18 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon

[2012.05.09 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012.05.09 02:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.24 22:20:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.24 22:18:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.05.24 22:15:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2012.05.24 22:15:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.24 22:15:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.24 20:22:45 | 002,264,817 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\Studienbescheinigung Maurice Chales de Beaulieu.rar

[2012.05.24 12:08:56 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job

[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job

[2012.05.22 08:36:55 | 329,299,620 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.05.21 22:02:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 16:25:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe

[2012.05.21 13:31:28 | 000,125,683 | ---- | M] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf

[2012.05.20 21:37:25 | 155,429,843 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love(1).mp3

[2012.05.14 17:19:44 | 000,436,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.05.13 14:44:11 | 000,634,630 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.13 14:44:11 | 000,601,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.13 14:44:11 | 000,128,742 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.13 14:44:11 | 000,106,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.01 15:24:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.04.28 23:49:56 | 000,078,848 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Files Created - No Company Name ==========

 

[2012.05.24 12:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.21 21:59:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 13:31:23 | 000,125,683 | ---- | C] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf

[2012.05.20 21:29:17 | 155,429,843 | ---- | C] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love(1).mp3

[2012.05.20 21:20:59 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx

[2012.05.20 21:20:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2012.05.20 21:10:59 | 422,404,193 | ---- | C] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love.flac

[2012.05.01 15:24:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011.12.01 22:39:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2011.10.16 00:30:52 | 000,000,680 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\d3d9caps.dat

[2011.09.26 00:14:15 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll

[2011.09.26 00:14:15 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe

[2011.09.26 00:14:15 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys

[2011.09.26 00:14:15 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys

[2011.08.01 00:18:17 | 000,078,848 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.31 23:41:55 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011.07.31 23:41:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010.11.01 10:49:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.10.07 14:21:53 | 000,150,592 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

 
 ========== LOP Check ==========

 

[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon

[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1

[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro

[2012.05.24 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox

[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000

[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software

[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack

[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon

[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView

[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon

[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job

[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job

[2012.05.24 22:18:11 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.01.31 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Adobe

[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon

[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1

[2011.10.14 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\CyberLink

[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro

[2011.08.05 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DivX

[2012.05.24 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox

[2011.12.06 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\dvdcss

[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000

[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software

[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack

[2011.07.28 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Identities

[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon

[2012.01.20 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Intel

[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView

[2011.07.28 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Logitech

[2009.04.24 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia

[2012.05.21 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes

[2012.05.20 21:25:04 | 000,000,000 | --SD | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft

[2011.07.28 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla

[2012.05.21 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Real

[2012.05.24 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Skype

[2012.03.24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\vlc

[2011.08.04 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\WinRAR

[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon

 
 < %APPDATA%\*.exe /s >

[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.02.16 20:20:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012.01.31 18:10:02 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe

[2012.05.21 13:46:49 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe

[2012.05.21 16:48:18 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe

[2012.05.21 16:46:59 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.09.19 10:07:22 | 000,094,208 | ---- | M] () -- C:\BSBMInst.exe

[2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1
 

< End of report >

--- --- ---

Erneut ein fettes :dankeschoen: !!!! What to do next?

PS: Mir fällt gerade ein, dass ich vielleicht erwähnen sollte, das ich auch diesen Scan im Abgesicherten Modus mit Netzwerktreibern durchgeführt habe, um die von dir angegebene Liste aus meinem Browser in OTL kopieren zu können. Es sind also wahrscheinlich nicht alle Prozesse aufgeführt, die im normalen Betrieb laufen würden. Ich hoffe, das ist kein Problem?!

Wenn doch, mache ich den Scan natürlich nochmal und kopiere deine Liste vorher in ein txt-Dokument! ;)

PPS: Kann es zu weiteren Problemen kommen, wenn ich meine wichtigen Daten sichere? Also meine Musiksammlung und meine Daten für die Dissertation und so?

Achso ja, mach das lieber nochmal im normalen Modus. Den abgesicherten nur wenn ich es schreibe oder es Probleme im normalen Modus gibt

Die Datensicherung kannst du auf jeden Fall tun, Backups sind immer eine gute Idee :daumenhoc

Und nochmal.. Hat ne ganze Weile gedauert, mein Laptop hat sich zwischendrin einige Male aufgehängt... :/

OTL Logfile:

Code:

OTL logfile created on: 25.05.2012 12:34:40 - Run 3

OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\MCDB MOBIL\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,91 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,98% Memory free

6,03 Gb Paging File | 4,33 Gb Available in Paging File | 71,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,17 Gb Total Space | 27,53 Gb Free Space | 19,09% Space Free | Partition Type: NTFS

Drive D: | 144,15 Gb Total Space | 44,50 Gb Free Space | 30,87% Space Free | Partition Type: NTFS

Drive E: | 146,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: MCDB-MOBIL | User Name: MCDB MOBIL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\MCDB MOBIL\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Users\MCDBMO~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Programme\Native Instruments\Traktor 2\Traktor.exe (Native Instruments Software Synthesis GmbH)

PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)

PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Programme\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)

PRC - C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)

PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)

PRC - c:\Programme\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)

PRC - c:\Programme\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)

PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)

PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()

PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)

PRC - C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)

PRC - C:\Acer\Mobility Center\MobilityService.exe ()

PRC - C:\Windows\PLFSetI.exe ()

PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()

MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()

MOD - C:\Windows\PLFSetI.exe ()

MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)

SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()

SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found

DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (MpKsleead1a3b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsleead1a3b.sys File not found

DRV - (MpKslcdd1db3d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKslcdd1db3d.sys File not found

DRV - (MpKsla94dd66c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla94dd66c.sys File not found

DRV - (MpKsla7cd4637) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla7cd4637.sys File not found

DRV - (MpKsl738c0217) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl738c0217.sys File not found

DRV - (MpKsl032aec9e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl032aec9e.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (kx1avs) -- C:\Windows\System32\drivers\kx1avs.sys (Native Instruments GmbH)

DRV - (kx1usb_svc) -- C:\Windows\System32\drivers\kx1usb.sys (Native Instruments GmbH)

DRV - (a4djavs) -- C:\Windows\System32\drivers\a4djavs.sys (Native Instruments GmbH)

DRV - (a4djusb_svc) -- C:\Windows\System32\drivers\a4djusb.sys (Native Instruments GmbH)

DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)

DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys ()

DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys ()

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)

DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.)

DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)

DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)

DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )

DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)

DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )

DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)

DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)

DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (Wibukey2) -- C:\Windows\System32\drivers\wibukey2.sys (WIBU-SYSTEMS AG)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/hxxp://www.facebook.de/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\..\SearchScopes\{545F0CC8-4BFD-4B49-86B7-60B4B97ED085}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Amazon.de"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/410"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MCDB MOBIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.08.14 04:19:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.24 18:44:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.08 16:26:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 22:23:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 00:53:30 | 000,000,000 | ---D | M]

 

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Extensions

[2012.05.21 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions

[2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml

[2011.11.30 15:19:57 | 000,001,836 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\leo-deu-ita.xml

[2011.09.01 00:24:05 | 000,002,057 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\youtube-videosuche.xml

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.12 10:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2012.02.08 16:26:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

[2012.05.10 14:49:43 | 000,056,640 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI

[2012.01.06 14:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.01.01 22:22:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.03.12 10:54:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AutoRun] C:\Program Files\BEWERBUNGS-MASTER\UpdateCheck_BEWERBUNGSMASTER.exe File not found

O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found

O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57568192-B748-42B5-99E6-0F2B0A652945}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABCBB7F-92EE-48C5-A12E-BA22BE04EBB0}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)

O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)

O24 - Desktop WallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun

O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto

O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.25 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD

[2012.05.24 22:42:04 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\Desktop\logs

[2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002

[2012.05.23 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.05.22 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012.05.21 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes

[2012.05.21 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.21 21:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.21 21:59:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.05.21 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.21 16:25:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe

[2012.05.20 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar

[2012.05.20 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack

[2012.05.20 21:20:59 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll

[2012.05.20 21:20:58 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll

[2012.05.20 21:20:58 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll

[2012.05.20 21:20:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll

[2012.05.20 21:20:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll

[2012.05.20 21:20:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll

[2012.05.20 21:20:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll

[2012.05.20 21:20:55 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll

[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack

[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter

[2012.05.09 02:57:18 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon

[2012.05.09 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012.05.09 02:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.25 12:12:58 | 000,634,630 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.25 12:12:58 | 000,601,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.25 12:12:58 | 000,128,742 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.25 12:12:58 | 000,106,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.25 12:06:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2012.05.25 12:05:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.25 12:05:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.25 12:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.25 12:04:44 | 3129,753,600 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.25 11:58:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.05.24 20:22:45 | 002,264,817 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\Studienbescheinigung Maurice Chales de Beaulieu.rar

[2012.05.24 12:08:56 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job

[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job

[2012.05.22 08:36:55 | 329,299,620 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.05.21 22:02:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 16:25:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe

[2012.05.21 13:31:28 | 000,125,683 | ---- | M] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf

[2012.05.14 17:19:44 | 000,436,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.05.01 15:24:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012.04.28 23:49:56 | 000,078,848 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Files Created - No Company Name ==========

 

[2012.05.25 12:04:44 | 3129,753,600 | -HS- | C] () -- C:\hiberfil.sys

[2012.05.24 12:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.21 21:59:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 13:31:23 | 000,125,683 | ---- | C] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf

[2012.05.20 21:20:59 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx

[2012.05.20 21:20:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2012.05.01 15:24:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011.12.01 22:39:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2011.10.16 00:30:52 | 000,000,680 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\d3d9caps.dat

[2011.09.26 00:14:15 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll

[2011.09.26 00:14:15 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe

[2011.09.26 00:14:15 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys

[2011.09.26 00:14:15 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys

[2011.08.01 00:18:17 | 000,078,848 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.31 23:41:55 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011.07.31 23:41:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010.11.01 10:49:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.10.07 14:21:53 | 000,150,592 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin

[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

 
 ========== LOP Check ==========

 

[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon

[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1

[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro

[2012.05.25 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox

[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000

[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software

[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack

[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon

[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView

[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon

[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job

[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job

[2012.05.25 11:58:56 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.01.31 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Adobe

[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon

[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1

[2011.10.14 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\CyberLink

[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro

[2011.08.05 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DivX

[2012.05.25 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox

[2011.12.06 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\dvdcss

[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000

[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software

[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack

[2011.07.28 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Identities

[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon

[2012.01.20 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Intel

[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView

[2011.07.28 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Logitech

[2009.04.24 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia

[2012.05.21 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes

[2012.05.20 21:25:04 | 000,000,000 | --SD | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft

[2011.07.28 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla

[2012.05.21 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Real

[2012.05.25 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Skype

[2012.03.24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\vlc

[2011.08.04 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\WinRAR

[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon

 
 < %APPDATA%\*.exe /s >

[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.02.16 20:20:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012.01.31 18:10:02 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe

[2012.05.21 13:46:49 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe

[2012.05.21 16:48:18 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe

[2012.05.21 16:46:59 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.09.19 10:07:22 | 000,094,208 | ---- | M] () -- C:\BSBMInst.exe

[2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Amazon.de"

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/410"

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="

FF - user.js - File not found

[2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml

[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION

[2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found

O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()

O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun

O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto

O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun

O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe

[2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002

[2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1

:Files

C:\Programme\Windows Searchqu Toolbar

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Im normalen, nicht abgesicherten Modus ist der Scan einmal durchgelaufen, das Programm hat sich jedoch direkt im Anschluss aufgehängt, und keine neue log-Datei ausgespuckt. In der alten olt.txt steht noch das Datum und die Zeit von dem Scan, den ich dir vorhin gepostet habe. Zudem hat sich der größte Teil der Prozesse auf meinem PC beendet, darunter auch die explorer.exe.

Windows wollte seinen Bericht schicken, der folgende Dateien umfasst. Diese hätte ich gern eingefügt, aber sie sind - oh Wunder - nicht mehr im angegebenen Ordner... (Ich hab natürlich die versteckten Dateien anzeigen lassen).

Code:

  C:\Users\MCDB MOBIL\AppData\Local\Temp\WERCC07.tmp.version.txt

  C:\Users\MCDB MOBIL\AppData\Local\Temp\WERED0F.tmp.appcompat.txt

  C:\Users\MCDB MOBIL\AppData\Local\Temp\WERED3F.tmp.mdmp

Ich denke mal, das fällt unter deine Aussage, dass uU ein Neustart erforderlich sei. Ich mach das jetzt mal und mach dann noch nen Scan bei

So. Frühschuss. Nach dem Neustart öffnete sich eine txt-Datei mit folgendem Inhalt:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.

Prefs.js: "Search Results" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "Amazon.de" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.searchnu.com/410" removed from browser.startup.homepage

Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" removed from keyword.URL

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.

C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml moved successfully.

C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.

C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.

C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.

C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.

C:\Programme\DealPly\DealPlyIE.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.

C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zinit32 deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.

C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid deleted successfully.

C:\Programme\Xvid\CheckUpdate.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll deleted successfully.

C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll deleted successfully.

C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found.

File F:\Setup.exe -auto not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found.

File G:\LaunchU3.exe not found.

C:\found.002\dir0002.chk folder moved successfully.

C:\found.002\dir0001.chk folder moved successfully.

C:\found.002\dir0000.chk folder moved successfully.

C:\found.002 folder moved successfully.

C:\wilog.exe moved successfully.

ADS C:\ProgramData\TEMP:A4C0DDD1 deleted successfully.

========== FILES ==========

File\Folder C:\Programme\Windows Searchqu Toolbar not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 134 bytes

->Flash cache emptied: 56550 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: MCDB MOBIL

->Temp folder emptied: 6950295081 bytes

->Temporary Internet Files folder emptied: 562400735 bytes

->Java cache emptied: 216482 bytes

->FireFox cache emptied: 106699039 bytes

->Flash cache emptied: 15265666 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3707408537 bytes

RecycleBin emptied: 5615031687 bytes

 

Total Files Cleaned = 16.172,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: MCDB MOBIL

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.43.1 log created on 05252012_140735
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Ich hoffe, das Problem ist damit behoben? Der Rechner läuft jedenfalls wieder schnell, rund und sauber, die Startseite bleibt auch die gleiche und überhaupt hab ich nen echt gutes Gefühl! Vielen, vielen, vielen lieben Dank für deine überaus nette und kompetente Hilfe!!!

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Done. Hier die Daten aus dem Report. Ich hab erstmal alles geskippt, wie du gesagt hast. Einige Funde kann ich käuflich erworbenen Programmen zuordnen, bsp NI (=Native Instruments)..

Code:

15:07:37.0252 4172        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

15:07:37.0533 4172        ============================================================

15:07:37.0533 4172        Current date / time: 2012/05/26 15:07:37.0533

15:07:37.0533 4172        SystemInfo:

15:07:37.0533 4172        

15:07:37.0533 4172        OS Version: 6.0.6002 ServicePack: 2.0

15:07:37.0533 4172        Product type: Workstation

15:07:37.0533 4172        ComputerName: MCDB-MOBIL

15:07:37.0533 4172        UserName: MCDB MOBIL

15:07:37.0533 4172        Windows directory: C:\Windows

15:07:37.0533 4172        System windows directory: C:\Windows

15:07:37.0533 4172        Processor architecture: Intel x86

15:07:37.0533 4172        Number of processors: 2

15:07:37.0533 4172        Page size: 0x1000

15:07:37.0533 4172        Boot type: Normal boot

15:07:37.0533 4172        ============================================================

15:07:38.0875 4172        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:07:38.0875 4172        ============================================================

15:07:38.0875 4172        \Device\Harddisk0\DR0:

15:07:38.0875 4172        MBR partitions:

15:07:38.0875 4172        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000

15:07:38.0875 4172        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800

15:07:38.0875 4172        ============================================================

15:07:38.0937 4172        C: <-> \Device\Harddisk0\DR0\Partition0

15:07:39.0171 4172        D: <-> \Device\Harddisk0\DR0\Partition1

15:07:39.0187 4172        ============================================================

15:07:39.0187 4172        Initialize success

15:07:39.0187 4172        ============================================================

15:07:51.0324 1452        ============================================================

15:07:51.0324 1452        Scan started

15:07:51.0324 1452        Mode: Manual; SigCheck; TDLFS; 

15:07:51.0324 1452        ============================================================

15:08:06.0705 1452        a4djavs         (7b73a609a15979b16f2241636a2f5d13) C:\Windows\system32\Drivers\a4djavs.sys

15:08:06.0892 1452        a4djavs - ok

15:08:07.0080 1452        a4djusb_svc     (9aea2035649119f42c11e149af78d8c2) C:\Windows\system32\Drivers\a4djusb.sys

15:08:07.0111 1452        a4djusb_svc - ok

15:08:07.0220 1452        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

15:08:07.0251 1452        ACPI - ok

15:08:07.0704 1452        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

15:08:08.0016 1452        adp94xx - ok

15:08:08.0655 1452        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

15:08:08.0749 1452        adpahci - ok

15:08:08.0827 1452        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

15:08:08.0842 1452        adpu160m - ok

15:08:08.0936 1452        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

15:08:08.0967 1452        adpu320 - ok

15:08:09.0045 1452        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

15:08:09.0700 1452        AeLookupSvc - ok

15:08:10.0278 1452        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

15:08:10.0434 1452        AFD - ok

15:08:10.0855 1452        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

15:08:10.0855 1452        agp440 - ok

15:08:11.0089 1452        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

15:08:11.0120 1452        aic78xx - ok

15:08:11.0214 1452        AlfaFF          (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys

15:08:11.0276 1452        AlfaFF - ok

15:08:11.0370 1452        ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

15:08:12.0649 1452        ALG - ok

15:08:12.0696 1452        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

15:08:12.0727 1452        aliide - ok

15:08:12.0805 1452        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

15:08:12.0820 1452        amdagp - ok

15:08:12.0930 1452        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

15:08:12.0945 1452        amdide - ok

15:08:13.0148 1452        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

15:08:13.0273 1452        AmdK7 - ok

15:08:13.0616 1452        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

15:08:13.0756 1452        AmdK8 - ok

15:08:13.0928 1452        Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

15:08:14.0084 1452        Appinfo - ok

15:08:15.0020 1452        AppMgmt         (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll

15:08:15.0192 1452        AppMgmt - ok

15:08:15.0628 1452        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

15:08:15.0706 1452        arc - ok

15:08:15.0847 1452        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

15:08:15.0878 1452        arcsas - ok

15:08:15.0925 1452        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

15:08:16.0065 1452        AsyncMac - ok

15:08:16.0190 1452        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

15:08:16.0206 1452        atapi - ok

15:08:16.0845 1452        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

15:08:16.0908 1452        atksgt - ok

15:08:17.0391 1452        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

15:08:17.0578 1452        AudioEndpointBuilder - ok

15:08:17.0594 1452        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

15:08:17.0610 1452        Audiosrv - ok

15:08:17.0890 1452        b57nd60x        (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys

15:08:18.0062 1452        b57nd60x - ok

15:08:18.0187 1452        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

15:08:18.0234 1452        Beep - ok

15:08:18.0889 1452        BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

15:08:19.0014 1452        BFE - ok

15:08:19.0622 1452        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

15:08:19.0794 1452        BITS - ok

15:08:19.0887 1452        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

15:08:19.0934 1452        blbdrive - ok

15:08:19.0981 1452        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

15:08:20.0028 1452        bowser - ok

15:08:20.0059 1452        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

15:08:20.0090 1452        BrFiltLo - ok

15:08:20.0121 1452        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

15:08:20.0168 1452        BrFiltUp - ok

15:08:20.0277 1452        Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

15:08:20.0308 1452        Browser - ok

15:08:20.0371 1452        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

15:08:20.0558 1452        Brserid - ok

15:08:20.0792 1452        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

15:08:20.0870 1452        BrSerWdm - ok

15:08:20.0917 1452        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

15:08:21.0010 1452        BrUsbMdm - ok

15:08:21.0042 1452        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

15:08:21.0120 1452        BrUsbSer - ok

15:08:21.0166 1452        BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

15:08:21.0229 1452        BthEnum - ok

15:08:21.0276 1452        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

15:08:21.0322 1452        BTHMODEM - ok

15:08:21.0416 1452        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

15:08:21.0463 1452        BthPan - ok

15:08:21.0712 1452        BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys

15:08:21.0790 1452        BTHPORT - ok

15:08:21.0822 1452        BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll

15:08:21.0853 1452        BthServ - ok

15:08:21.0900 1452        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys

15:08:21.0900 1452        BTHUSB - ok

15:08:21.0978 1452        btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys

15:08:21.0993 1452        btwaudio - ok

15:08:22.0024 1452        btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys

15:08:22.0040 1452        btwavdt - ok

15:08:22.0056 1452        btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys

15:08:22.0071 1452        btwrchid - ok

15:08:22.0227 1452        BUNAgentSvc     (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

15:08:22.0258 1452        BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning

15:08:22.0258 1452        BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)

15:08:22.0290 1452        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

15:08:22.0352 1452        cdfs - ok

15:08:22.0383 1452        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

15:08:22.0430 1452        cdrom - ok

15:08:22.0461 1452        CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

15:08:22.0492 1452        CertPropSvc - ok

15:08:22.0524 1452        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

15:08:22.0586 1452        circlass - ok

15:08:22.0648 1452        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

15:08:22.0664 1452        CLFS - ok

15:08:22.0804 1452        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:08:22.0820 1452        clr_optimization_v2.0.50727_32 - ok

15:08:22.0929 1452        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:08:22.0960 1452        clr_optimization_v4.0.30319_32 - ok

15:08:23.0007 1452        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

15:08:23.0054 1452        CmBatt - ok

15:08:23.0101 1452        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

15:08:23.0116 1452        cmdide - ok

15:08:23.0132 1452        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

15:08:23.0148 1452        Compbatt - ok

15:08:23.0148 1452        COMSysApp - ok

15:08:23.0163 1452        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

15:08:23.0163 1452        crcdisk - ok

15:08:23.0179 1452        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

15:08:23.0226 1452        Crusoe - ok

15:08:23.0288 1452        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

15:08:23.0319 1452        CryptSvc - ok

15:08:23.0382 1452        CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys

15:08:23.0444 1452        CSC - ok

15:08:23.0506 1452        CscService      (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll

15:08:23.0553 1452        CscService - ok

15:08:23.0647 1452        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

15:08:23.0709 1452        DcomLaunch - ok

15:08:23.0772 1452        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

15:08:23.0834 1452        DfsC - ok

15:08:24.0942 1452        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

15:08:25.0082 1452        DFSR - ok

15:08:25.0534 1452        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

15:08:25.0566 1452        Dhcp - ok

15:08:25.0675 1452        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

15:08:25.0690 1452        disk - ok

15:08:25.0737 1452        DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

15:08:25.0753 1452        DKbFltr - ok

15:08:25.0909 1452        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

15:08:25.0971 1452        Dnscache - ok

15:08:26.0143 1452        dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

15:08:26.0158 1452        dot3svc - ok

15:08:26.0330 1452        dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

15:08:26.0377 1452        dot4 - ok

15:08:26.0408 1452        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

15:08:26.0455 1452        Dot4Print - ok

15:08:26.0502 1452        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

15:08:26.0533 1452        dot4usb - ok

15:08:26.0580 1452        DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

15:08:26.0611 1452        DPS - ok

15:08:26.0642 1452        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

15:08:26.0673 1452        drmkaud - ok

15:08:26.0985 1452        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

15:08:27.0016 1452        DXGKrnl - ok

15:08:27.0079 1452        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

15:08:27.0110 1452        E1G60 - ok

15:08:27.0172 1452        e1yexpress      (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys

15:08:27.0188 1452        e1yexpress - ok

15:08:27.0219 1452        EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

15:08:27.0235 1452        EapHost - ok

15:08:27.0250 1452        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

15:08:27.0266 1452        Ecache - ok

15:08:27.0360 1452        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

15:08:27.0438 1452        elxstor - ok

15:08:27.0516 1452        EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

15:08:27.0578 1452        EMDMgmt - ok

15:08:27.0609 1452        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

15:08:27.0625 1452        ErrDev - ok

15:08:27.0781 1452        ETService       (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

15:08:27.0812 1452        ETService ( UnsignedFile.Multi.Generic ) - warning

15:08:27.0812 1452        ETService - detected UnsignedFile.Multi.Generic (1)

15:08:28.0093 1452        EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

15:08:28.0140 1452        EventSystem - ok

15:08:28.0327 1452        EvtEng          (53cca6b4df0977074e85c9a18f42b5cc) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

15:08:28.0452 1452        EvtEng - ok

15:08:28.0561 1452        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

15:08:28.0608 1452        exfat - ok

15:08:28.0639 1452        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

15:08:28.0686 1452        fastfat - ok

15:08:28.0951 1452        Fax             (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe

15:08:29.0044 1452        Fax - ok

15:08:29.0076 1452        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

15:08:29.0122 1452        fdc - ok

15:08:29.0154 1452        fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

15:08:29.0185 1452        fdPHost - ok

15:08:29.0216 1452        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

15:08:29.0263 1452        FDResPub - ok

15:08:29.0310 1452        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

15:08:29.0310 1452        FileInfo - ok

15:08:29.0325 1452        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

15:08:29.0372 1452        Filetrace - ok

15:08:29.0403 1452        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

15:08:29.0434 1452        flpydisk - ok

15:08:29.0481 1452        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

15:08:29.0512 1452        FltMgr - ok

15:08:29.0731 1452        FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

15:08:29.0840 1452        FontCache - ok

15:08:30.0043 1452        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:08:30.0058 1452        FontCache3.0.0.0 - ok

15:08:30.0090 1452        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

15:08:30.0136 1452        Fs_Rec - ok

15:08:30.0152 1452        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

15:08:30.0168 1452        gagp30kx - ok

15:08:30.0214 1452        GEARAspiWDM     (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:08:30.0230 1452        GEARAspiWDM - ok

15:08:30.0433 1452        gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

15:08:30.0495 1452        gpsvc - ok

15:08:30.0542 1452        GT72NDISIPXP    (19ad11dba7f1a302008332a3ad360b3c) C:\Windows\system32\DRIVERS\Gt51Ip.sys

15:08:30.0589 1452        GT72NDISIPXP - ok

15:08:30.0636 1452        GT72UBUS        (0aecf7b4b784c6257287fe9230d1163e) C:\Windows\system32\DRIVERS\gt72ubus.sys

15:08:30.0682 1452        GT72UBUS - ok

15:08:30.0714 1452        GTPTSER         (4b915d813b7892ba0a08620f82991a82) C:\Windows\system32\DRIVERS\gtptser.sys

15:08:30.0745 1452        GTPTSER - ok

15:08:30.0823 1452        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

15:08:30.0901 1452        HdAudAddService - ok

15:08:31.0041 1452        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:08:31.0104 1452        HDAudBus - ok

15:08:31.0166 1452        HECI            (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys

15:08:31.0197 1452        HECI - ok

15:08:31.0213 1452        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

15:08:31.0260 1452        HidBth - ok

15:08:31.0431 1452        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

15:08:31.0525 1452        HidIr - ok

15:08:31.0618 1452        hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

15:08:31.0650 1452        hidserv - ok

15:08:31.0712 1452        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

15:08:31.0759 1452        HidUsb - ok

15:08:31.0852 1452        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

15:08:31.0915 1452        hkmsvc - ok

15:08:32.0040 1452        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

15:08:32.0055 1452        HpCISSs - ok

15:08:32.0196 1452        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

15:08:32.0242 1452        HSFHWAZL - ok

15:08:32.0383 1452        HSF_DPV         (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys

15:08:32.0508 1452        HSF_DPV - ok

15:08:32.0554 1452        HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

15:08:32.0570 1452        HSXHWAZL - ok

15:08:32.0632 1452        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

15:08:32.0710 1452        HTTP - ok

15:08:32.0757 1452        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

15:08:32.0773 1452        i2omp - ok

15:08:32.0820 1452        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

15:08:32.0866 1452        i8042prt - ok

15:08:32.0929 1452        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

15:08:32.0944 1452        iaStorV - ok

15:08:33.0069 1452        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

15:08:33.0100 1452        IDriverT ( UnsignedFile.Multi.Generic ) - warning

15:08:33.0100 1452        IDriverT - detected UnsignedFile.Multi.Generic (1)

15:08:33.0366 1452        idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:08:33.0397 1452        idsvc - ok

15:08:33.0678 1452        IFXSpMgtSrv     (204ac659f069616ae00627a1b467655d) c:\Windows\system32\ifxspmgt.exe

15:08:33.0693 1452        IFXSpMgtSrv - ok

15:08:33.0834 1452        IFXTCS          (02b893d0b89e0b28881a1cab6f337a0b) C:\Windows\System32\IFXTCS.exe

15:08:33.0990 1452        IFXTCS - ok

15:08:34.0816 1452        IGBASVC         (e70b9c83ddb6d86f9d1bdfad04757a3f) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

15:08:36.0626 1452        IGBASVC ( UnsignedFile.Multi.Generic ) - warning

15:08:36.0626 1452        IGBASVC - detected UnsignedFile.Multi.Generic (1)

15:08:39.0106 1452        igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys

15:08:40.0542 1452        igfx - ok

15:08:40.0854 1452        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

15:08:40.0869 1452        iirsp - ok

15:08:41.0056 1452        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

15:08:41.0103 1452        IKEEXT - ok

15:08:41.0166 1452        int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys

15:08:41.0181 1452        int15 ( UnsignedFile.Multi.Generic ) - warning

15:08:41.0181 1452        int15 - detected UnsignedFile.Multi.Generic (1)

15:08:41.0556 1452        IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys

15:08:41.0696 1452        IntcAzAudAddService - ok

15:08:41.0946 1452        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

15:08:41.0961 1452        intelide - ok

15:08:42.0039 1452        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

15:08:42.0070 1452        intelppm - ok

15:08:42.0211 1452        IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

15:08:42.0226 1452        IPBusEnum - ok

15:08:42.0258 1452        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:08:42.0304 1452        IpFilterDriver - ok

15:08:42.0429 1452        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

15:08:42.0492 1452        iphlpsvc - ok

15:08:42.0492 1452        IpInIp - ok

15:08:42.0538 1452        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

15:08:42.0585 1452        IPMIDRV - ok

15:08:42.0616 1452        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

15:08:42.0663 1452        IPNAT - ok

15:08:42.0710 1452        irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys

15:08:42.0741 1452        irda - ok

15:08:42.0772 1452        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

15:08:42.0788 1452        IRENUM - ok

15:08:42.0835 1452        Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll

15:08:42.0897 1452        Irmon - ok

15:08:42.0975 1452        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

15:08:43.0006 1452        isapnp - ok

15:08:43.0069 1452        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

15:08:43.0084 1452        iScsiPrt - ok

15:08:43.0116 1452        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

15:08:43.0116 1452        iteatapi - ok

15:08:43.0162 1452        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

15:08:43.0162 1452        iteraid - ok

15:08:43.0194 1452        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:08:43.0194 1452        kbdclass - ok

15:08:43.0225 1452        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

15:08:43.0256 1452        kbdhid - ok

15:08:43.0287 1452        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

15:08:43.0318 1452        KeyIso - ok

15:08:43.0443 1452        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

15:08:43.0474 1452        KSecDD - ok

15:08:43.0615 1452        KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

15:08:43.0677 1452        KtmRm - ok

15:08:43.0740 1452        kx1avs          (6f46978fef08f9da6a02ff15d02ab7b0) C:\Windows\system32\Drivers\kx1avs.sys

15:08:43.0771 1452        kx1avs - ok

15:08:43.0802 1452        kx1usb_svc      (7ac9f0e7b8dd10c4366dfda697481c1f) C:\Windows\system32\Drivers\kx1usb.sys

15:08:43.0818 1452        kx1usb_svc - ok

15:08:43.0927 1452        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

15:08:43.0989 1452        LanmanServer - ok

15:08:44.0052 1452        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

15:08:44.0130 1452        LanmanWorkstation - ok

15:08:44.0379 1452        LBTServ         (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

15:08:44.0410 1452        LBTServ - ok

15:08:44.0473 1452        LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys

15:08:44.0488 1452        LHidFilt - ok

15:08:44.0551 1452        LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

15:08:44.0551 1452        LightScribeService ( UnsignedFile.Multi.Generic ) - warning

15:08:44.0551 1452        LightScribeService - detected UnsignedFile.Multi.Generic (1)

15:08:44.0613 1452        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

15:08:44.0629 1452        lirsgt - ok

15:08:44.0660 1452        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

15:08:44.0691 1452        lltdio - ok

15:08:44.0738 1452        lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

15:08:44.0785 1452        lltdsvc - ok

15:08:44.0816 1452        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

15:08:44.0847 1452        lmhosts - ok

15:08:44.0878 1452        LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys

15:08:44.0894 1452        LMouFilt - ok

15:08:44.0925 1452        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

15:08:44.0941 1452        LSI_FC - ok

15:08:44.0972 1452        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

15:08:44.0988 1452        LSI_SAS - ok

15:08:45.0034 1452        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

15:08:45.0050 1452        LSI_SCSI - ok

15:08:45.0066 1452        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

15:08:45.0112 1452        luafv - ok

15:08:45.0190 1452        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

15:08:45.0190 1452        MBAMProtector - ok

15:08:45.0378 1452        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

15:08:45.0409 1452        MBAMService - ok

15:08:45.0440 1452        mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

15:08:45.0471 1452        mdmxsdk - ok

15:08:45.0518 1452        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

15:08:45.0534 1452        megasas - ok

15:08:45.0612 1452        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

15:08:45.0627 1452        MegaSR - ok

15:08:45.0768 1452        MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

15:08:45.0814 1452        MMCSS - ok

15:08:45.0846 1452        MobilityService - ok

15:08:45.0939 1452        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

15:08:45.0986 1452        Modem - ok

15:08:46.0033 1452        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

15:08:46.0064 1452        monitor - ok

15:08:46.0064 1452        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

15:08:46.0080 1452        mouclass - ok

15:08:46.0126 1452        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

15:08:46.0142 1452        mouhid - ok

15:08:46.0158 1452        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

15:08:46.0173 1452        MountMgr - ok

15:08:46.0220 1452        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys

15:08:46.0236 1452        MpFilter - ok

15:08:46.0282 1452        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

15:08:46.0298 1452        mpio - ok

15:08:46.0516 1452        MpKsl81ccb632   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D188C870-B71E-457F-8249-DB9FC8AC8DF5}\MpKsl81ccb632.sys

15:08:46.0532 1452        MpKsl81ccb632 - ok

15:08:46.0563 1452        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

15:08:46.0610 1452        mpsdrv - ok

15:08:46.0719 1452        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

15:08:46.0813 1452        MpsSvc - ok

15:08:46.0844 1452        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

15:08:46.0844 1452        Mraid35x - ok

15:08:46.0906 1452        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

15:08:46.0938 1452        MRxDAV - ok

15:08:47.0016 1452        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:08:47.0109 1452        mrxsmb - ok

15:08:47.0203 1452        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:08:47.0250 1452        mrxsmb10 - ok

15:08:47.0296 1452        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:08:47.0296 1452        mrxsmb20 - ok

15:08:47.0328 1452        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

15:08:47.0343 1452        msahci - ok

15:08:47.0374 1452        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

15:08:47.0374 1452        msdsm - ok

15:08:47.0421 1452        MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

15:08:47.0452 1452        MSDTC - ok

15:08:47.0468 1452        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

15:08:47.0499 1452        Msfs - ok

15:08:47.0530 1452        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

15:08:47.0546 1452        msisadrv - ok

15:08:47.0577 1452        MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

15:08:47.0624 1452        MSiSCSI - ok

15:08:47.0624 1452        msiserver - ok

15:08:47.0671 1452        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

15:08:47.0686 1452        MSKSSRV - ok

15:08:47.0842 1452        MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

15:08:47.0858 1452        MsMpSvc - ok

15:08:47.0889 1452        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

15:08:47.0920 1452        MSPCLOCK - ok

15:08:47.0983 1452        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

15:08:48.0014 1452        MSPQM - ok

15:08:48.0139 1452        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

15:08:48.0154 1452        MsRPC - ok

15:08:48.0279 1452        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

15:08:48.0279 1452        mssmbios - ok

15:08:48.0326 1452        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

15:08:48.0357 1452        MSTEE - ok

15:08:48.0482 1452        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

15:08:48.0498 1452        Mup - ok

15:08:48.0560 1452        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

15:08:48.0591 1452        napagent - ok

15:08:48.0685 1452        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

15:08:48.0700 1452        NativeWifiP - ok

15:08:48.0841 1452        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

15:08:48.0872 1452        NDIS - ok

15:08:48.0934 1452        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

15:08:48.0981 1452        NdisTapi - ok

15:08:49.0012 1452        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

15:08:49.0044 1452        Ndisuio - ok

15:08:49.0122 1452        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

15:08:49.0184 1452        NdisWan - ok

15:08:49.0278 1452        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

15:08:49.0309 1452        NDProxy - ok

15:08:49.0356 1452        Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\Windows\system32\HPZinw12.dll

15:08:49.0371 1452        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:08:49.0371 1452        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:08:49.0387 1452        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

15:08:49.0418 1452        NetBIOS - ok

15:08:49.0543 1452        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

15:08:49.0621 1452        netbt - ok

15:08:49.0652 1452        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

15:08:49.0652 1452        Netlogon - ok

15:08:49.0777 1452        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

15:08:49.0855 1452        Netman - ok

15:08:49.0948 1452        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

15:08:49.0980 1452        netprofm - ok

15:08:50.0198 1452        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:08:50.0214 1452        NetTcpPortSharing - ok

15:08:51.0540 1452        NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

15:08:51.0930 1452        NETw5v32 - ok

15:08:52.0460 1452        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

15:08:52.0460 1452        nfrd960 - ok

15:08:53.0786 1452        NIHardwareService (bd7a1d7bef2c0fde73f7b87971ed9d2f) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

15:08:54.0753 1452        NIHardwareService ( UnsignedFile.Multi.Generic ) - warning

15:08:54.0753 1452        NIHardwareService - detected UnsignedFile.Multi.Generic (1)

15:08:55.0346 1452        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

15:08:55.0362 1452        NisDrv - ok

15:08:55.0549 1452        NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe

15:08:55.0580 1452        NisSrv - ok

15:08:55.0674 1452        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

15:08:55.0720 1452        NlaSvc - ok

15:08:55.0783 1452        nmwcd           (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys

15:08:55.0861 1452        nmwcd - ok

15:08:55.0892 1452        nmwcdc          (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys

15:08:55.0939 1452        nmwcdc - ok

15:08:55.0986 1452        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

15:08:56.0017 1452        Npfs - ok

15:08:56.0095 1452        NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys

15:08:56.0142 1452        NSCIRDA - ok

15:08:56.0235 1452        nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

15:08:56.0313 1452        nsi - ok

15:08:56.0360 1452        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

15:08:56.0407 1452        nsiproxy - ok

15:08:56.0781 1452        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

15:08:56.0984 1452        Ntfs - ok

15:08:57.0218 1452        NTIBackupSvc    (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

15:08:57.0265 1452        NTIBackupSvc - ok

15:08:57.0530 1452        NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys

15:08:57.0546 1452        NTIDrvr - ok

15:08:57.0608 1452        NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

15:08:57.0608 1452        NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning

15:08:57.0608 1452        NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)

15:08:57.0639 1452        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

15:08:57.0686 1452        ntrigdigi - ok

15:08:57.0702 1452        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

15:08:57.0748 1452        Null - ok

15:08:57.0780 1452        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

15:08:57.0795 1452        nvraid - ok

15:08:57.0811 1452        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

15:08:57.0826 1452        nvstor - ok

15:08:57.0842 1452        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

15:08:57.0858 1452        nv_agp - ok

15:08:57.0904 1452        NWADI           (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys

15:08:57.0951 1452        NWADI - ok

15:08:57.0967 1452        NwlnkFlt - ok

15:08:57.0967 1452        NwlnkFwd - ok

15:08:58.0029 1452        o2flash         (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

15:08:58.0060 1452        o2flash ( UnsignedFile.Multi.Generic ) - warning

15:08:58.0060 1452        o2flash - detected UnsignedFile.Multi.Generic (1)

15:08:58.0107 1452        O2MDRDR         (16dfa5eff3f104c1d66bcb60c06a101f) C:\Windows\system32\DRIVERS\o2media.sys

15:08:58.0123 1452        O2MDRDR - ok

15:08:58.0216 1452        O2SCBUS         (439ad52d13600ea69f4a4409b2968a51) C:\Windows\system32\DRIVERS\ozscr.sys

15:08:58.0232 1452        O2SCBUS - ok

15:08:58.0263 1452        O2SDRDR         (6e590c91f97ae5e3408453c8ae9a3000) C:\Windows\system32\DRIVERS\o2sd.sys

15:08:58.0279 1452        O2SDRDR - ok

15:08:58.0606 1452        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:08:58.0638 1452        odserv - ok

15:08:58.0669 1452        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

15:08:58.0684 1452        ohci1394 - ok

15:08:58.0747 1452        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:08:58.0762 1452        ose - ok

15:08:59.0028 1452        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

15:08:59.0090 1452        p2pimsvc - ok

15:08:59.0106 1452        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

15:08:59.0168 1452        p2psvc - ok

15:08:59.0246 1452        Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

15:08:59.0308 1452        Parport - ok

15:08:59.0340 1452        partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

15:08:59.0355 1452        partmgr - ok

15:08:59.0371 1452        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

15:08:59.0418 1452        Parvdm - ok

15:08:59.0449 1452        PCASp50 - ok

15:08:59.0464 1452        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

15:08:59.0511 1452        PcaSvc - ok

15:08:59.0589 1452        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

15:08:59.0605 1452        pci - ok

15:08:59.0620 1452        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

15:08:59.0636 1452        pciide - ok

15:08:59.0745 1452        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

15:08:59.0761 1452        pcmcia - ok

15:08:59.0854 1452        PDFProFiltSrv   (abb10afe110b413cfbcc35fbd3970989) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe

15:08:59.0870 1452        PDFProFiltSrv - ok

15:09:00.0042 1452        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

15:09:00.0151 1452        PEAUTH - ok

15:09:00.0213 1452        PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\Windows\System32\drivers\psd.sys

15:09:00.0244 1452        PersonalSecureDrive - ok

15:09:00.0260 1452        PersonalSecureDriveService (c30a73c602c09bc8404a18497ad24145) c:\Windows\system32\IfxPsdSv.exe

15:09:00.0307 1452        PersonalSecureDriveService - ok

15:09:00.0525 1452        pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

15:09:00.0728 1452        pla - ok

15:09:00.0962 1452        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

15:09:01.0009 1452        PlugPlay - ok

15:09:01.0071 1452        Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\Windows\system32\HPZipm12.dll

15:09:01.0102 1452        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:09:01.0102 1452        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:09:01.0290 1452        PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

15:09:01.0305 1452        PNRPAutoReg - ok

15:09:01.0321 1452        PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

15:09:01.0383 1452        PNRPsvc - ok

15:09:01.0602 1452        PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

15:09:01.0664 1452        PolicyAgent - ok

15:09:01.0726 1452        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

15:09:01.0758 1452        PptpMiniport - ok

15:09:01.0804 1452        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

15:09:01.0836 1452        Processor - ok

15:09:01.0898 1452        ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

15:09:01.0945 1452        ProfSvc - ok

15:09:01.0976 1452        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

15:09:01.0992 1452        ProtectedStorage - ok

15:09:02.0038 1452        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

15:09:02.0085 1452        PSched - ok

15:09:02.0350 1452        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

15:09:02.0428 1452        ql2300 - ok

15:09:02.0444 1452        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

15:09:02.0460 1452        ql40xx - ok

15:09:02.0538 1452        QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

15:09:02.0584 1452        QWAVE - ok

15:09:02.0600 1452        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

15:09:02.0631 1452        QWAVEdrv - ok

15:09:02.0694 1452        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

15:09:02.0740 1452        RasAcd - ok

15:09:02.0772 1452        RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

15:09:02.0818 1452        RasAuto - ok

15:09:02.0850 1452        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:09:02.0881 1452        Rasl2tp - ok

15:09:03.0037 1452        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

15:09:03.0068 1452        RasMan - ok

15:09:03.0099 1452        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

15:09:03.0130 1452        RasPppoe - ok

15:09:03.0177 1452        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

15:09:03.0177 1452        RasSstp - ok

15:09:03.0380 1452        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

15:09:03.0427 1452        rdbss - ok

15:09:03.0442 1452        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:09:03.0474 1452        RDPCDD - ok

15:09:03.0614 1452        rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

15:09:03.0661 1452        rdpdr - ok

15:09:03.0676 1452        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

15:09:03.0723 1452        RDPENCDD - ok

15:09:03.0957 1452        RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

15:09:04.0004 1452        RDPWD - ok

15:09:04.0269 1452        RegSrvc         (7c4391419852dfc331f6af620c33af3c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:09:04.0378 1452        RegSrvc - ok

15:09:04.0441 1452        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

15:09:04.0472 1452        RemoteAccess - ok

15:09:04.0503 1452        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

15:09:04.0550 1452        RemoteRegistry - ok

15:09:04.0737 1452        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

15:09:04.0753 1452        RFCOMM - ok

15:09:04.0909 1452        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

15:09:05.0018 1452        RpcLocator - ok

15:09:05.0174 1452        RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

15:09:05.0205 1452        RpcSs - ok

15:09:05.0299 1452        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

15:09:05.0346 1452        rspndr - ok

15:09:05.0377 1452        SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

15:09:05.0377 1452        SamSs - ok

15:09:05.0439 1452        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

15:09:05.0455 1452        sbp2port - ok

15:09:05.0502 1452        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

15:09:05.0548 1452        SCardSvr - ok

15:09:05.0704 1452        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

15:09:05.0767 1452        Schedule - ok

15:09:05.0798 1452        SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

15:09:05.0814 1452        SCPolicySvc - ok

15:09:05.0860 1452        sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

15:09:05.0892 1452        sdbus - ok

15:09:06.0110 1452        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

15:09:06.0157 1452        SDRSVC - ok

15:09:06.0188 1452        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

15:09:06.0266 1452        secdrv - ok

15:09:06.0328 1452        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

15:09:06.0360 1452        seclogon - ok

15:09:06.0391 1452        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

15:09:06.0438 1452        SENS - ok

15:09:06.0453 1452        Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

15:09:06.0500 1452        Serenum - ok

15:09:06.0718 1452        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

15:09:06.0843 1452        Serial - ok

15:09:06.0859 1452        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

15:09:06.0890 1452        sermouse - ok

15:09:07.0108 1452        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

15:09:07.0155 1452        SessionEnv - ok

15:09:07.0202 1452        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

15:09:07.0233 1452        sffdisk - ok

15:09:07.0264 1452        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

15:09:07.0296 1452        sffp_mmc - ok

15:09:07.0358 1452        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

15:09:07.0374 1452        sffp_sd - ok

15:09:07.0389 1452        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

15:09:07.0452 1452        sfloppy - ok

15:09:07.0608 1452        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

15:09:07.0654 1452        SharedAccess - ok

15:09:07.0826 1452        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

15:09:07.0857 1452        ShellHWDetection - ok

15:09:07.0888 1452        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

15:09:07.0904 1452        sisagp - ok

15:09:07.0920 1452        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

15:09:07.0935 1452        SiSRaid2 - ok

15:09:07.0966 1452        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

15:09:07.0982 1452        SiSRaid4 - ok

15:09:08.0122 1452        SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe

15:09:08.0138 1452        SkypeUpdate - ok

15:09:09.0292 1452        slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

15:09:09.0745 1452        slsvc - ok

15:09:10.0150 1452        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

15:09:10.0166 1452        SLUINotify - ok

15:09:10.0306 1452        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

15:09:10.0338 1452        Smb - ok

15:09:10.0478 1452        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

15:09:10.0494 1452        SNMPTRAP - ok

15:09:10.0525 1452        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

15:09:10.0540 1452        spldr - ok

15:09:10.0603 1452        Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

15:09:10.0650 1452        Spooler - ok

15:09:10.0774 1452        SQLWriter       (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

15:09:10.0806 1452        SQLWriter - ok

15:09:11.0008 1452        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

15:09:11.0086 1452        srv - ok

15:09:11.0133 1452        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

15:09:11.0164 1452        srv2 - ok

15:09:11.0211 1452        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

15:09:11.0258 1452        srvnet - ok

15:09:11.0336 1452        SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

15:09:11.0398 1452        SSDPSRV - ok

15:09:11.0461 1452        SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

15:09:11.0492 1452        SstpSvc - ok

15:09:11.0617 1452        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

15:09:11.0648 1452        stisvc - ok

15:09:11.0679 1452        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

15:09:11.0679 1452        swenum - ok

15:09:11.0742 1452        swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

15:09:11.0788 1452        swprv - ok

15:09:11.0804 1452        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

15:09:11.0820 1452        Symc8xx - ok

15:09:11.0913 1452        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

15:09:11.0944 1452        Sym_hi - ok

15:09:11.0991 1452        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

15:09:12.0007 1452        Sym_u3 - ok

15:09:12.0069 1452        SynTP           (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys

15:09:12.0085 1452        SynTP - ok

15:09:12.0194 1452        SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

15:09:12.0272 1452        SysMain - ok

15:09:12.0303 1452        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

15:09:12.0319 1452        TabletInputService - ok

15:09:12.0366 1452        TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

15:09:12.0428 1452        TapiSrv - ok

15:09:12.0444 1452        TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

15:09:12.0490 1452        TBS - ok

15:09:12.0834 1452        Tcpip           (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys

15:09:12.0896 1452        Tcpip - ok

15:09:12.0912 1452        Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys

15:09:12.0943 1452        Tcpip6 - ok

15:09:13.0021 1452        tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys

15:09:13.0083 1452        tcpipreg - ok

15:09:13.0146 1452        TcUsb           (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys

15:09:13.0146 1452        TcUsb - ok

15:09:13.0177 1452        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

15:09:13.0224 1452        TDPIPE - ok

15:09:13.0255 1452        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

15:09:13.0302 1452        TDTCP - ok

15:09:13.0348 1452        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

15:09:13.0426 1452        tdx - ok

15:09:13.0473 1452        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

15:09:13.0489 1452        TermDD - ok

15:09:13.0754 1452        TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

15:09:13.0801 1452        TermService - ok

15:09:14.0050 1452        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

15:09:14.0066 1452        Themes - ok

15:09:14.0113 1452        THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

15:09:14.0144 1452        THREADORDER - ok

15:09:14.0191 1452        TpChoice        (3afff25eae28188fa4ecd292658be31b) C:\Windows\system32\DRIVERS\TpChoice.sys

15:09:14.0222 1452        TpChoice - ok

15:09:14.0253 1452        TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys

15:09:14.0269 1452        TPM - ok

15:09:14.0331 1452        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

15:09:14.0347 1452        TrkWks - ok

15:09:14.0628 1452        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

15:09:14.0674 1452        TrustedInstaller - ok

15:09:14.0706 1452        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:09:14.0721 1452        tssecsrv - ok

15:09:14.0752 1452        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

15:09:14.0784 1452        tunmp - ok

15:09:14.0815 1452        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

15:09:14.0846 1452        tunnel - ok

15:09:14.0877 1452        U46WDM1_01      (dd60662944aaabbf9d8c9e3bf8428cdf) C:\Windows\system32\DRIVERS\U46wdm.sys

15:09:14.0908 1452        U46WDM1_01 - ok

15:09:14.0940 1452        U46_AA          (2e8dbf227a4d19ef14153f1435338508) C:\Windows\system32\DRIVERS\U46DRV.sys

15:09:14.0971 1452        U46_AA - ok

15:09:14.0986 1452        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

15:09:15.0018 1452        uagp35 - ok

15:09:15.0049 1452        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

15:09:15.0064 1452        UBHelper - ok

15:09:15.0127 1452        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

15:09:15.0158 1452        udfs - ok

15:09:15.0252 1452        UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

15:09:15.0298 1452        UI0Detect - ok

15:09:15.0330 1452        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

15:09:15.0345 1452        uliagpkx - ok

15:09:15.0439 1452        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

15:09:15.0470 1452        uliahci - ok

15:09:15.0532 1452        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

15:09:15.0548 1452        UlSata - ok

15:09:15.0595 1452        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

15:09:15.0610 1452        ulsata2 - ok

15:09:15.0642 1452        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

15:09:15.0673 1452        umbus - ok

15:09:15.0844 1452        UmRdpService    (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll

15:09:15.0907 1452        UmRdpService - ok

15:09:15.0969 1452        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

15:09:16.0016 1452        upnphost - ok

15:09:16.0063 1452        upperdev        (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

15:09:16.0094 1452        upperdev - ok

15:09:16.0110 1452        USBAAPL - ok

15:09:16.0156 1452        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

15:09:16.0188 1452        usbaudio - ok

15:09:16.0234 1452        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

15:09:16.0281 1452        usbccgp - ok

15:09:16.0328 1452        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

15:09:16.0390 1452        usbcir - ok

15:09:16.0453 1452        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

15:09:16.0468 1452        usbehci - ok

15:09:16.0562 1452        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

15:09:16.0578 1452        usbhub - ok

15:09:16.0624 1452        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

15:09:16.0687 1452        usbohci - ok

15:09:16.0718 1452        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

15:09:16.0749 1452        usbprint - ok

15:09:16.0796 1452        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

15:09:16.0812 1452        usbscan - ok

15:09:16.0843 1452        usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys

15:09:16.0874 1452        usbser - ok

15:09:16.0921 1452        UsbserFilt      (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

15:09:16.0968 1452        UsbserFilt - ok

15:09:16.0983 1452        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:09:17.0030 1452        USBSTOR - ok

15:09:17.0061 1452        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

15:09:17.0077 1452        usbuhci - ok

15:09:17.0108 1452        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

15:09:17.0139 1452        usbvideo - ok

15:09:17.0155 1452        UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

15:09:17.0202 1452        UxSms - ok

15:09:17.0264 1452        vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

15:09:17.0311 1452        vds - ok

15:09:17.0358 1452        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

15:09:17.0404 1452        vga - ok

15:09:17.0545 1452        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

15:09:17.0592 1452        VgaSave - ok

15:09:17.0607 1452        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

15:09:17.0623 1452        viaagp - ok

15:09:17.0638 1452        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

15:09:17.0670 1452        ViaC7 - ok

15:09:17.0748 1452        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

15:09:17.0763 1452        viaide - ok

15:09:17.0794 1452        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

15:09:17.0810 1452        volmgr - ok

15:09:17.0888 1452        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

15:09:17.0935 1452        volmgrx - ok

15:09:18.0044 1452        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

15:09:18.0060 1452        volsnap - ok

15:09:18.0138 1452        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

15:09:18.0153 1452        vsmraid - ok

15:09:18.0418 1452        VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

15:09:18.0465 1452        VSS - ok

15:09:18.0824 1452        W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

15:09:18.0855 1452        W32Time - ok

15:09:19.0105 1452        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

15:09:19.0152 1452        WacomPen - ok

15:09:19.0292 1452        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:09:19.0339 1452        Wanarp - ok

15:09:19.0339 1452        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

15:09:19.0370 1452        Wanarpv6 - ok

15:09:19.0588 1452        wbengine        (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe

15:09:19.0822 1452        wbengine - ok

15:09:19.0916 1452        wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

15:09:19.0963 1452        wcncsvc - ok

15:09:20.0041 1452        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

15:09:20.0088 1452        WcsPlugInService - ok

15:09:20.0181 1452        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

15:09:20.0197 1452        Wd - ok

15:09:20.0337 1452        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

15:09:20.0400 1452        Wdf01000 - ok

15:09:20.0431 1452        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

15:09:20.0462 1452        WdiServiceHost - ok

15:09:20.0462 1452        WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

15:09:20.0493 1452        WdiSystemHost - ok

15:09:20.0524 1452        WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

15:09:20.0571 1452        WebClient - ok

15:09:20.0680 1452        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

15:09:20.0758 1452        Wecsvc - ok

15:09:20.0836 1452        wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

15:09:20.0868 1452        wercplsupport - ok

15:09:20.0946 1452        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

15:09:21.0008 1452        WerSvc - ok

15:09:21.0070 1452        WIBUKEY         (4d7602b0b5ca33720cbe08cbc4a9d8e3) C:\Windows\system32\DRIVERS\WibuKey.sys

15:09:21.0117 1452        WIBUKEY - ok

15:09:21.0148 1452        Wibukey2        (1ac50e90995649803bacab62f5f48e2a) C:\Windows\system32\drivers\wibukey2.sys

15:09:21.0195 1452        Wibukey2 ( UnsignedFile.Multi.Generic ) - warning

15:09:21.0195 1452        Wibukey2 - detected UnsignedFile.Multi.Generic (1)

15:09:21.0320 1452        winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

15:09:21.0351 1452        winachsf - ok

15:09:21.0538 1452        WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

15:09:21.0554 1452        WinDefend - ok

15:09:21.0554 1452        WinHttpAutoProxySvc - ok

15:09:21.0741 1452        Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

15:09:21.0772 1452        Winmgmt - ok

15:09:22.0131 1452        WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

15:09:22.0225 1452        WinRM - ok

15:09:22.0350 1452        Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

15:09:22.0412 1452        Wlansvc - ok

15:09:22.0443 1452        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:09:22.0459 1452        WmiAcpi - ok

15:09:22.0615 1452        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

15:09:22.0662 1452        wmiApSrv - ok

15:09:22.0911 1452        WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

15:09:23.0098 1452        WMPNetworkSvc - ok

15:09:23.0130 1452        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

15:09:23.0161 1452        WPDBusEnum - ok

15:09:23.0301 1452        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

15:09:23.0364 1452        WpdUsb - ok

15:09:23.0769 1452        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:09:23.0894 1452        WPFFontCache_v0400 - ok

15:09:24.0081 1452        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

15:09:24.0144 1452        ws2ifsl - ok

15:09:24.0222 1452        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

15:09:24.0253 1452        wscsvc - ok

15:09:24.0300 1452        WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

15:09:24.0315 1452        WSDPrintDevice - ok

15:09:24.0331 1452        WSearch - ok

15:09:25.0064 1452        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

15:09:25.0314 1452        wuauserv - ok

15:09:25.0563 1452        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:09:25.0610 1452        WUDFRd - ok

15:09:25.0750 1452        wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

15:09:25.0766 1452        wudfsvc - ok

15:09:25.0813 1452        XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys

15:09:25.0860 1452        XAudio - ok

15:09:26.0000 1452        XAudioService   (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe

15:09:26.0047 1452        XAudioService - ok

15:09:26.0094 1452        MBR (0x1B8)     (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0

15:09:28.0558 1452        \Device\Harddisk0\DR0 - ok

15:09:28.0590 1452        Boot (0x1200)   (49a764a290c4d05be3a9fdffff1d90bb) \Device\Harddisk0\DR0\Partition0

15:09:28.0590 1452        \Device\Harddisk0\DR0\Partition0 - ok

15:09:28.0605 1452        Boot (0x1200)   (7f0fc9d758beb7b22e2ffd824da3a7dc) \Device\Harddisk0\DR0\Partition1

15:09:28.0652 1452        \Device\Harddisk0\DR0\Partition1 - ok

15:09:28.0652 1452        ============================================================

15:09:28.0652 1452        Scan finished

15:09:28.0652 1452        ============================================================

15:09:28.0652 5796        Detected object count: 12

15:09:28.0652 5796        Actual detected object count: 12

15:10:03.0050 5796        BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0050 5796        BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0050 5796        ETService ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0050 5796        ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0050 5796        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0050 5796        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0050 5796        IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0050 5796        IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        int15 ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        o2flash ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:10:03.0066 5796        Wibukey2 ( UnsignedFile.Multi.Generic ) - skipped by user

15:10:03.0066 5796        Wibukey2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Und nun? Wie gehts weiter?