Problem mit Searchqu

beaulieu · 21.05.2012, 15:55

Hallo an alle,

ich habe das gleiche Problem wie bereits einige andere User vor mir, nämlich habe ich ungewollt searchqu als Startseite und auch als Suchmaschine in der Browser-Adressleiste eingestellt. Sorry, dass ich ein neues Thema erstelle und das Forum damit zuspamme, aber das scheint hier ja sogar erwünscht zu sein

Mein Virenscanner erkennt keinen Virus auf dem Rechner, auch wenn ich schon auf verschiedenen Seiten gelesen habe, dass es sich bei searchqu um einen Trojaner handeln soll.

Ich habe nicht das übliche Proggi Ilivid installiert und habe auch keinen derartigen Ordner in meinen Programmfiles, finde es bei der Suche und auch in der Systemsteuerung unter Programme nicht; ich habe allerdings einen Ordner c:\program files\windows searchqu toolbar. Deinstalliert habe ich jetzt erstmal noch nichts.

Ich habe einen OTL-Check durchgeführt, die logs findet ihr im Anhang.

Vielen Dank im Voraus für eure Hilfe!

cosinus · 21.05.2012, 19:19

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

beaulieu · 22.05.2012, 22:20

Hey Arne und hey Rest-Board

erstmal danke ich dir für deine schnelle und nette Antwort!

Mein Problem ist nun, dass ich meinen Firefox nicht mehr verwenden kann, um mir das Antivirenprogramm runterzuladen. Starte ich meinen Browser, hängt sich das Programm und mein gesamtes System gleich mit auf.

Ich habe zur Vorsicht mal in der Systemsteuerung die Wlan-Karte deaktiviert, um aus- und eingehenden Datenverkehr komplett zu unterbinden, keine Ahnung, ob das so klug ist.

Ich lade mir gerade bei einem Nachbarn Malwarebytes runter und werde sobald wie möglich einen Scan ausführen. Dazu werd ich natürlich meine Wlan-Karte wieder aktivieren, um das Update auszuführen, falls jetzt niemand ausdrücklich das Gegenteil empfiehlt.

Keine Ahnung, was genau mit meinem Rechner los ist, aber ich bin auf jeden Fall an der Sache dran.

Danke nochmals für die Hilfe, Maurice

Das größere Problem, fällt mir gerade auf, ist natürlich der ESET-Online-Check, den ich leider nicht ausführen kann, wenn mein Browser nicht funktioniert....

cosinus · 23.05.2012, 09:27

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

beaulieu · 23.05.2012, 16:58

So. Im abgesicherten Modus hat natürlich alles wieder prächtig funktioniert. Danke für den Tipp.

Hier ist die log-file vom ersten Scan, also Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
MCDB MOBIL :: MCDB-MOBIL [Administrator]

Schutz: Deaktiviert

23.05.2012 14:01:02
mbam-log-2012-05-23 (16-12-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393785
Laufzeit: 1 Stunde(n), 17 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Keine Aktion durchgeführt.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Keine Aktion durchgeführt.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alle Funde habe ich vom Programm entfernen lassen.

Der ESET-Scan läuft, und zwar schon seit knapp 2 Stunden. Scheint etwas länger zu dauern; die Scan-Ergebnisse kommen, sobald er fertig ist.

cosinus · 23.05.2012, 20:11

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

beaulieu · 23.05.2012, 22:13

Nein, ich habe das Programm gestern installiert und erst einen Scan laufen lassen. Ich habe also nur diesen einen Scan-Log. Brauchst du auch die Protection-Logs?

Hier ist wie gewünscht und angekündigt der ESET-Scan:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7000353930c5744c8a1151aea08cd74a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 02:23:06
# local_time=2012-05-23 04:23:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 48500461 175315392 0 0
# compatibility_mode=8192 67108863 100 0 168 168 0 0
# scanned=851
# found=0
# cleaned=0
# scan_time=296
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7000353930c5744c8a1151aea08cd74a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 06:23:22
# local_time=2012-05-23 08:23:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 48507365 175322296 0 0
# compatibility_mode=8192 67108863 100 0 7072 7072 0 0
# scanned=206988
# found=4
# cleaned=0
# scan_time=7808
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\MCDB MOBIL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I

Nochmals: Vielen Dank für deine Hilfe!

Was mache ich jetzt als nächstes?

cosinus · 24.05.2012, 20:20

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

beaulieu · 24.05.2012, 21:55

Hier ist das Ergebnis:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.05.2012 22:23:07 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\MCDB MOBIL\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 82,67% Memory free
6,02 Gb Paging File | 5,71 Gb Available in Paging File | 94,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 23,66 Gb Free Space | 16,41% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 9,81 Gb Free Space | 6,80% Space Free | Partition Type: NTFS
Drive E: | 146,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MCDB-MOBIL | User Name: MCDB MOBIL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MCDB MOBIL\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MpKsla94dd66c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla94dd66c.sys ()
DRV - (MpKsl738c0217) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl738c0217.sys ()
DRV - (MpKslcdd1db3d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKslcdd1db3d.sys ()
DRV - (MpKsl032aec9e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl032aec9e.sys ()
DRV - (MpKsla7cd4637) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla7cd4637.sys ()
DRV - (MpKsleead1a3b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsleead1a3b.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (kx1avs) -- C:\Windows\System32\drivers\kx1avs.sys (Native Instruments GmbH)
DRV - (kx1usb_svc) -- C:\Windows\System32\drivers\kx1usb.sys (Native Instruments GmbH)
DRV - (a4djavs) -- C:\Windows\System32\drivers\a4djavs.sys (Native Instruments GmbH)
DRV - (a4djusb_svc) -- C:\Windows\System32\drivers\a4djusb.sys (Native Instruments GmbH)
DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys ()
DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Wibukey2) -- C:\Windows\System32\drivers\wibukey2.sys (WIBU-SYSTEMS AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/hxxp://www.facebook.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{545F0CC8-4BFD-4B49-86B7-60B4B97ED085}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/410"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MCDB MOBIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.08.14 04:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.24 18:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.08 16:26:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 22:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 00:53:30 | 000,000,000 | ---D | M]
 
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Extensions
[2012.05.21 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions
[2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml
[2011.11.30 15:19:57 | 000,001,836 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\leo-deu-ita.xml
[2011.09.01 00:24:05 | 000,002,057 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\youtube-videosuche.xml
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.12 10:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.08 16:26:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.05.10 14:49:43 | 000,056,640 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
[2012.01.06 14:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.01 22:22:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.12 10:54:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AutoRun] C:\Program Files\BEWERBUNGS-MASTER\UpdateCheck_BEWERBUNGSMASTER.exe File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57568192-B748-42B5-99E6-0F2B0A652945}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABCBB7F-92EE-48C5-A12E-BA22BE04EBB0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun
O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto
O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.24 22:15:50 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.05.23 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.21 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes
[2012.05.21 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.21 21:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.21 21:59:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.21 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.21 16:25:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe
[2012.05.20 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2012.05.20 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.05.20 21:20:59 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012.05.20 21:20:58 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012.05.20 21:20:58 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012.05.20 21:20:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012.05.20 21:20:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012.05.20 21:20:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012.05.20 21:20:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012.05.20 21:20:55 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack
[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012.05.09 02:57:18 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon
[2012.05.09 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.05.09 02:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.24 22:20:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.24 22:18:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.24 22:15:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.05.24 22:15:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.24 22:15:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.24 20:22:45 | 002,264,817 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\Studienbescheinigung Maurice Chales de Beaulieu.rar
[2012.05.24 12:08:56 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job
[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job
[2012.05.22 08:36:55 | 329,299,620 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.21 22:02:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 16:25:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe
[2012.05.21 13:31:28 | 000,125,683 | ---- | M] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf
[2012.05.20 21:37:25 | 155,429,843 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love(1).mp3
[2012.05.14 17:19:44 | 000,436,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.13 14:44:11 | 000,634,630 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.13 14:44:11 | 000,601,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 14:44:11 | 000,128,742 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.13 14:44:11 | 000,106,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.01 15:24:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.28 23:49:56 | 000,078,848 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.05.24 12:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.21 21:59:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 13:31:23 | 000,125,683 | ---- | C] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf
[2012.05.20 21:29:17 | 155,429,843 | ---- | C] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love(1).mp3
[2012.05.20 21:20:59 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.05.20 21:20:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.05.20 21:10:59 | 422,404,193 | ---- | C] () -- C:\Users\MCDB MOBIL\Desktop\from springergasse with love.flac
[2012.05.01 15:24:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.12.01 22:39:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.16 00:30:52 | 000,000,680 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\d3d9caps.dat
[2011.09.26 00:14:15 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll
[2011.09.26 00:14:15 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe
[2011.09.26 00:14:15 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys
[2011.09.26 00:14:15 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys
[2011.08.01 00:18:17 | 000,078,848 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.31 23:41:55 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.31 23:41:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.11.01 10:49:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.07 14:21:53 | 000,150,592 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== LOP Check ==========
 
[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon
[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro
[2012.05.24 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox
[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000
[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software
[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack
[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon
[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView
[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon
[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job
[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job
[2012.05.24 22:18:11 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.31 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Adobe
[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon
[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.10.14 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\CyberLink
[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro
[2011.08.05 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DivX
[2012.05.24 22:17:32 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox
[2011.12.06 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\dvdcss
[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000
[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software
[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack
[2011.07.28 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Identities
[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon
[2012.01.20 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Intel
[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView
[2011.07.28 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Logitech
[2009.04.24 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia
[2012.05.21 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes
[2012.05.20 21:25:04 | 000,000,000 | --SD | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft
[2011.07.28 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla
[2012.05.21 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Real
[2012.05.24 22:17:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Skype
[2012.03.24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\vlc
[2011.08.04 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\WinRAR
[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.16 20:20:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.31 18:10:02 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.05.21 13:46:49 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2012.05.21 16:48:18 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe
[2012.05.21 16:46:59 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.09.19 10:07:22 | 000,094,208 | ---- | M] () -- C:\BSBMInst.exe
[2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1

< End of report >

--- --- ---

Erneut ein fettes

!!!! What to do next?

PS: Mir fällt gerade ein, dass ich vielleicht erwähnen sollte, das ich auch diesen Scan im Abgesicherten Modus mit Netzwerktreibern durchgeführt habe, um die von dir angegebene Liste aus meinem Browser in OTL kopieren zu können. Es sind also wahrscheinlich nicht alle Prozesse aufgeführt, die im normalen Betrieb laufen würden. Ich hoffe, das ist kein Problem?!

Wenn doch, mache ich den Scan natürlich nochmal und kopiere deine Liste vorher in ein txt-Dokument!

PPS: Kann es zu weiteren Problemen kommen, wenn ich meine wichtigen Daten sichere? Also meine Musiksammlung und meine Daten für die Dissertation und so?

cosinus · 25.05.2012, 10:34

Achso ja, mach das lieber nochmal im normalen Modus. Den abgesicherten nur wenn ich es schreibe oder es Probleme im normalen Modus gibt

Die Datensicherung kannst du auf jeden Fall tun, Backups sind immer eine gute Idee

beaulieu · 25.05.2012, 15:49

Im normalen, nicht abgesicherten Modus ist der Scan einmal durchgelaufen, das Programm hat sich jedoch direkt im Anschluss aufgehängt, und keine neue log-Datei ausgespuckt. In der alten olt.txt steht noch das Datum und die Zeit von dem Scan, den ich dir vorhin gepostet habe. Zudem hat sich der größte Teil der Prozesse auf meinem PC beendet, darunter auch die explorer.exe.

Windows wollte seinen Bericht schicken, der folgende Dateien umfasst. Diese hätte ich gern eingefügt, aber sie sind - oh Wunder - nicht mehr im angegebenen Ordner... (Ich hab natürlich die versteckten Dateien anzeigen lassen).

Code:

ATTFilter

  C:\Users\MCDB MOBIL\AppData\Local\Temp\WERCC07.tmp.version.txt
  C:\Users\MCDB MOBIL\AppData\Local\Temp\WERED0F.tmp.appcompat.txt
  C:\Users\MCDB MOBIL\AppData\Local\Temp\WERED3F.tmp.mdmp

Ich denke mal, das fällt unter deine Aussage, dass uU ein Neustart erforderlich sei. Ich mach das jetzt mal und mach dann noch nen Scan bei

So. Frühschuss. Nach dem Neustart öffnete sich eine txt-Datei mit folgendem Inhalt:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Amazon.de" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchnu.com/410" removed from browser.startup.homepage
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=" removed from keyword.URL
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml moved successfully.
C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
C:\Programme\DealPly\DealPlyIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zinit32 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid deleted successfully.
C:\Programme\Xvid\CheckUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll deleted successfully.
C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f156b99-c410-11e0-a1ff-002269cd54da}\ not found.
File F:\Setup.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf3c390f-ca00-11e0-bb1e-000000000000}\ not found.
File G:\LaunchU3.exe not found.
C:\found.002\dir0002.chk folder moved successfully.
C:\found.002\dir0001.chk folder moved successfully.
C:\found.002\dir0000.chk folder moved successfully.
C:\found.002 folder moved successfully.
C:\wilog.exe moved successfully.
ADS C:\ProgramData\TEMP:A4C0DDD1 deleted successfully.
========== FILES ==========
File\Folder C:\Programme\Windows Searchqu Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56550 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: MCDB MOBIL
->Temp folder emptied: 6950295081 bytes
->Temporary Internet Files folder emptied: 562400735 bytes
->Java cache emptied: 216482 bytes
->FireFox cache emptied: 106699039 bytes
->Flash cache emptied: 15265666 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3707408537 bytes
RecycleBin emptied: 5615031687 bytes
 
Total Files Cleaned = 16.172,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: MCDB MOBIL
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05252012_140735

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Ich hoffe, das Problem ist damit behoben? Der Rechner läuft jedenfalls wieder schnell, rund und sauber, die Startseite bleibt auch die gleiche und überhaupt hab ich nen echt gutes Gefühl! Vielen, vielen, vielen lieben Dank für deine überaus nette und kompetente Hilfe!!!

beaulieu · 25.05.2012, 11:58

Und nochmal.. Hat ne ganze Weile gedauert, mein Laptop hat sich zwischendrin einige Male aufgehängt... :/

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.05.2012 12:34:40 - Run 3
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\MCDB MOBIL\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,98% Memory free
6,03 Gb Paging File | 4,33 Gb Available in Paging File | 71,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 27,53 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 44,50 Gb Free Space | 30,87% Space Free | Partition Type: NTFS
Drive E: | 146,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MCDB-MOBIL | User Name: MCDB MOBIL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MCDB MOBIL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\MCDBMO~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Native Instruments\Traktor 2\Traktor.exe (Native Instruments Software Synthesis GmbH)
PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - c:\Programme\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - c:\Programme\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (o2flash) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsleead1a3b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsleead1a3b.sys File not found
DRV - (MpKslcdd1db3d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKslcdd1db3d.sys File not found
DRV - (MpKsla94dd66c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla94dd66c.sys File not found
DRV - (MpKsla7cd4637) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsla7cd4637.sys File not found
DRV - (MpKsl738c0217) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl738c0217.sys File not found
DRV - (MpKsl032aec9e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADF88A59-D016-4E93-A271-A8753B250DEB}\MpKsl032aec9e.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (kx1avs) -- C:\Windows\System32\drivers\kx1avs.sys (Native Instruments GmbH)
DRV - (kx1usb_svc) -- C:\Windows\System32\drivers\kx1usb.sys (Native Instruments GmbH)
DRV - (a4djavs) -- C:\Windows\System32\drivers\a4djavs.sys (Native Instruments GmbH)
DRV - (a4djusb_svc) -- C:\Windows\System32\drivers\a4djusb.sys (Native Instruments GmbH)
DRV - (WIBUKEY) -- C:\Windows\System32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)
DRV - (U46_AA) -- C:\Windows\System32\drivers\U46DRV.sys ()
DRV - (U46WDM1_01) -- C:\Windows\System32\drivers\U46wdm.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option N.V.)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Wibukey2) -- C:\Windows\System32\drivers\wibukey2.sys (WIBU-SYSTEMS AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.gmx.de/hxxp://www.facebook.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{545F0CC8-4BFD-4B49-86B7-60B4B97ED085}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/410"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MCDB MOBIL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.08.14 04:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.24 18:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.08 16:26:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.01 22:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 00:53:30 | 000,000,000 | ---D | M]
 
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Extensions
[2012.05.21 15:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions
[2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml
[2011.11.30 15:19:57 | 000,001,836 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\leo-deu-ita.xml
[2011.09.01 00:24:05 | 000,002,057 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\youtube-videosuche.xml
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.12 10:54:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.08 16:26:49 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012.05.10 14:49:43 | 000,056,640 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
[2012.01.06 14:28:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MCDB MOBIL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GC7FMAAP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.01 22:22:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.12 10:54:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AutoRun] C:\Program Files\BEWERBUNGS-MASTER\UpdateCheck_BEWERBUNGSMASTER.exe File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\Huawei Modems\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [JamInit] C:\Windows\System32\U46Pan.exe (EGO SYS)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57568192-B748-42B5-99E6-0F2B0A652945}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABCBB7F-92EE-48C5-A12E-BA22BE04EBB0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun
O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto
O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.25 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.05.24 22:42:04 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\Desktop\logs
[2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.05.23 16:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 08:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.21 22:00:05 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes
[2012.05.21 21:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.21 21:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.21 21:59:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.21 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.21 16:25:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe
[2012.05.20 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2012.05.20 21:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.05.20 21:20:59 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012.05.20 21:20:58 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012.05.20 21:20:58 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012.05.20 21:20:57 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012.05.20 21:20:57 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012.05.20 21:20:56 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012.05.20 21:20:56 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012.05.20 21:20:55 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack
[2012.05.20 21:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012.05.09 02:57:18 | 000,000,000 | ---D | C] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon
[2012.05.09 02:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012.05.09 02:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.25 12:12:58 | 000,634,630 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.25 12:12:58 | 000,601,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.25 12:12:58 | 000,128,742 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.25 12:12:58 | 000,106,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.25 12:06:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.05.25 12:05:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 12:05:12 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 12:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.25 12:04:44 | 3129,753,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.25 11:58:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.24 20:22:45 | 002,264,817 | ---- | M] () -- C:\Users\MCDB MOBIL\Desktop\Studienbescheinigung Maurice Chales de Beaulieu.rar
[2012.05.24 12:08:56 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job
[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job
[2012.05.22 08:36:55 | 329,299,620 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.21 22:02:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 16:25:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\MCDB MOBIL\Desktop\OTL.exe
[2012.05.21 13:31:28 | 000,125,683 | ---- | M] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf
[2012.05.14 17:19:44 | 000,436,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.01 15:24:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.28 23:49:56 | 000,078,848 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.05.25 12:04:44 | 3129,753,600 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.24 12:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.21 21:59:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.21 13:31:23 | 000,125,683 | ---- | C] () -- C:\Users\MCDB MOBIL\Documents\SDL_DAAD_22-4-2012.rtf
[2012.05.20 21:20:59 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.05.20 21:20:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.05.01 15:24:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.12.01 22:39:27 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.16 00:30:52 | 000,000,680 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\d3d9caps.dat
[2011.09.26 00:14:15 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll
[2011.09.26 00:14:15 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe
[2011.09.26 00:14:15 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys
[2011.09.26 00:14:15 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys
[2011.08.01 00:18:17 | 000,078,848 | ---- | C] () -- C:\Users\MCDB MOBIL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.31 23:41:55 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.31 23:41:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.11.01 10:49:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.07 14:21:53 | 000,150,592 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
 
========== LOP Check ==========
 
[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon
[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro
[2012.05.25 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox
[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000
[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software
[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack
[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon
[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView
[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon
[2012.05.22 22:28:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006Core.job
[2012.05.22 22:28:05 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2543863813-3556674402-2221666697-1006UA.job
[2012.05.25 11:58:56 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.31 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Adobe
[2012.05.09 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Amazon
[2012.02.16 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.10.14 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\CyberLink
[2011.08.14 04:15:42 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DAEMON Tools Pro
[2011.08.05 01:01:44 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\DivX
[2012.05.25 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox
[2011.12.06 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\dvdcss
[2012.05.14 16:24:24 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\foobar2000
[2012.02.07 00:01:20 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Foxit Software
[2012.05.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\FreeAudioPack
[2011.07.28 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Identities
[2011.07.28 00:30:01 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Infineon
[2012.01.20 01:31:02 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Intel
[2011.11.22 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\IrfanView
[2011.07.28 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Logitech
[2009.04.24 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia
[2012.05.21 22:00:05 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Malwarebytes
[2012.05.20 21:25:04 | 000,000,000 | --SD | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Microsoft
[2011.07.28 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla
[2012.05.21 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Real
[2012.05.25 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Skype
[2012.03.24 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\vlc
[2011.08.04 18:14:47 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\WinRAR
[2011.08.01 00:18:25 | 000,000,000 | ---D | M] -- C:\Users\MCDB MOBIL\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.16 20:20:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.31 18:10:02 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.05.21 13:46:49 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2012.05.21 16:48:18 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe
[2012.05.21 16:46:59 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\MCDB MOBIL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.09.19 10:07:22 | 000,094,208 | ---- | M] () -- C:\BSBMInst.exe
[2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1

< End of report >

--- --- ---

cosinus · 25.05.2012, 12:12

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=1008&m=travelmate_6593
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/410
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/410"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
FF - user.js - File not found
[2011.07.31 23:43:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.01 22:38:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\MCDB MOBIL\AppData\Roaming\mozilla\Firefox\Profiles\gc7fmaap.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.11.25 20:57:26 | 000,001,984 | ---- | M] () -- C:\Users\MCDB MOBIL\AppData\Roaming\Mozilla\Firefox\Profiles\gc7fmaap.default\searchplugins\grooveshark.xml
[2012.05.20 21:22:10 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011.08.03 00:04:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.05.20 21:21:19 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {120A8821-2BEE-4C29-BCDA-62C577781992} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [zinit32] C:\Windows\ZInit32.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\MCDB MOBIL\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Xvid] C:\Programme\Xvid\CheckUpdate.exe ()
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell - "" = AutoRun
O33 - MountPoints2\{2f156b99-c410-11e0-a1ff-002269cd54da}\Shell\AutoRun\command - "" = F:\Setup.exe -auto
O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{bf3c390f-ca00-11e0-bb1e-000000000000}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
[2012.05.24 20:40:53 | 000,000,000 | -HSD | C] -- C:\found.002
[2009.04.24 19:00:52 | 000,000,000 | ---- | M] () -- C:\wilog.exe
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A4C0DDD1
:Files
C:\Programme\Windows Searchqu Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

cosinus · 25.05.2012, 22:54

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

beaulieu · 26.05.2012, 14:14

Done. Hier die Daten aus dem Report. Ich hab erstmal alles geskippt, wie du gesagt hast. Einige Funde kann ich käuflich erworbenen Programmen zuordnen, bsp NI (=Native Instruments)..

Code:

ATTFilter

15:07:37.0252 4172	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
15:07:37.0533 4172	============================================================
15:07:37.0533 4172	Current date / time: 2012/05/26 15:07:37.0533
15:07:37.0533 4172	SystemInfo:
15:07:37.0533 4172	
15:07:37.0533 4172	OS Version: 6.0.6002 ServicePack: 2.0
15:07:37.0533 4172	Product type: Workstation
15:07:37.0533 4172	ComputerName: MCDB-MOBIL
15:07:37.0533 4172	UserName: MCDB MOBIL
15:07:37.0533 4172	Windows directory: C:\Windows
15:07:37.0533 4172	System windows directory: C:\Windows
15:07:37.0533 4172	Processor architecture: Intel x86
15:07:37.0533 4172	Number of processors: 2
15:07:37.0533 4172	Page size: 0x1000
15:07:37.0533 4172	Boot type: Normal boot
15:07:37.0533 4172	============================================================
15:07:38.0875 4172	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:07:38.0875 4172	============================================================
15:07:38.0875 4172	\Device\Harddisk0\DR0:
15:07:38.0875 4172	MBR partitions:
15:07:38.0875 4172	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000
15:07:38.0875 4172	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800
15:07:38.0875 4172	============================================================
15:07:38.0937 4172	C: <-> \Device\Harddisk0\DR0\Partition0
15:07:39.0171 4172	D: <-> \Device\Harddisk0\DR0\Partition1
15:07:39.0187 4172	============================================================
15:07:39.0187 4172	Initialize success
15:07:39.0187 4172	============================================================
15:07:51.0324 1452	============================================================
15:07:51.0324 1452	Scan started
15:07:51.0324 1452	Mode: Manual; SigCheck; TDLFS; 
15:07:51.0324 1452	============================================================
15:08:06.0705 1452	a4djavs         (7b73a609a15979b16f2241636a2f5d13) C:\Windows\system32\Drivers\a4djavs.sys
15:08:06.0892 1452	a4djavs - ok
15:08:07.0080 1452	a4djusb_svc     (9aea2035649119f42c11e149af78d8c2) C:\Windows\system32\Drivers\a4djusb.sys
15:08:07.0111 1452	a4djusb_svc - ok
15:08:07.0220 1452	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:08:07.0251 1452	ACPI - ok
15:08:07.0704 1452	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:08:08.0016 1452	adp94xx - ok
15:08:08.0655 1452	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:08:08.0749 1452	adpahci - ok
15:08:08.0827 1452	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:08:08.0842 1452	adpu160m - ok
15:08:08.0936 1452	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:08:08.0967 1452	adpu320 - ok
15:08:09.0045 1452	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:08:09.0700 1452	AeLookupSvc - ok
15:08:10.0278 1452	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:08:10.0434 1452	AFD - ok
15:08:10.0855 1452	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:08:10.0855 1452	agp440 - ok
15:08:11.0089 1452	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:08:11.0120 1452	aic78xx - ok
15:08:11.0214 1452	AlfaFF          (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys
15:08:11.0276 1452	AlfaFF - ok
15:08:11.0370 1452	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:08:12.0649 1452	ALG - ok
15:08:12.0696 1452	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:08:12.0727 1452	aliide - ok
15:08:12.0805 1452	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:08:12.0820 1452	amdagp - ok
15:08:12.0930 1452	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:08:12.0945 1452	amdide - ok
15:08:13.0148 1452	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:08:13.0273 1452	AmdK7 - ok
15:08:13.0616 1452	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:08:13.0756 1452	AmdK8 - ok
15:08:13.0928 1452	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:08:14.0084 1452	Appinfo - ok
15:08:15.0020 1452	AppMgmt         (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
15:08:15.0192 1452	AppMgmt - ok
15:08:15.0628 1452	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:08:15.0706 1452	arc - ok
15:08:15.0847 1452	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:08:15.0878 1452	arcsas - ok
15:08:15.0925 1452	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:08:16.0065 1452	AsyncMac - ok
15:08:16.0190 1452	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:08:16.0206 1452	atapi - ok
15:08:16.0845 1452	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
15:08:16.0908 1452	atksgt - ok
15:08:17.0391 1452	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:08:17.0578 1452	AudioEndpointBuilder - ok
15:08:17.0594 1452	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:08:17.0610 1452	Audiosrv - ok
15:08:17.0890 1452	b57nd60x        (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:08:18.0062 1452	b57nd60x - ok
15:08:18.0187 1452	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:08:18.0234 1452	Beep - ok
15:08:18.0889 1452	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:08:19.0014 1452	BFE - ok
15:08:19.0622 1452	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:08:19.0794 1452	BITS - ok
15:08:19.0887 1452	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:08:19.0934 1452	blbdrive - ok
15:08:19.0981 1452	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:08:20.0028 1452	bowser - ok
15:08:20.0059 1452	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:08:20.0090 1452	BrFiltLo - ok
15:08:20.0121 1452	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:08:20.0168 1452	BrFiltUp - ok
15:08:20.0277 1452	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:08:20.0308 1452	Browser - ok
15:08:20.0371 1452	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:08:20.0558 1452	Brserid - ok
15:08:20.0792 1452	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:08:20.0870 1452	BrSerWdm - ok
15:08:20.0917 1452	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:08:21.0010 1452	BrUsbMdm - ok
15:08:21.0042 1452	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:08:21.0120 1452	BrUsbSer - ok
15:08:21.0166 1452	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
15:08:21.0229 1452	BthEnum - ok
15:08:21.0276 1452	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:08:21.0322 1452	BTHMODEM - ok
15:08:21.0416 1452	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
15:08:21.0463 1452	BthPan - ok
15:08:21.0712 1452	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
15:08:21.0790 1452	BTHPORT - ok
15:08:21.0822 1452	BthServ         (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
15:08:21.0853 1452	BthServ - ok
15:08:21.0900 1452	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
15:08:21.0900 1452	BTHUSB - ok
15:08:21.0978 1452	btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
15:08:21.0993 1452	btwaudio - ok
15:08:22.0024 1452	btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
15:08:22.0040 1452	btwavdt - ok
15:08:22.0056 1452	btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
15:08:22.0071 1452	btwrchid - ok
15:08:22.0227 1452	BUNAgentSvc     (09e6affae6c0e9158bf05c7d08d0107a) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
15:08:22.0258 1452	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
15:08:22.0258 1452	BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
15:08:22.0290 1452	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:08:22.0352 1452	cdfs - ok
15:08:22.0383 1452	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:08:22.0430 1452	cdrom - ok
15:08:22.0461 1452	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:08:22.0492 1452	CertPropSvc - ok
15:08:22.0524 1452	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:08:22.0586 1452	circlass - ok
15:08:22.0648 1452	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:08:22.0664 1452	CLFS - ok
15:08:22.0804 1452	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:08:22.0820 1452	clr_optimization_v2.0.50727_32 - ok
15:08:22.0929 1452	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:08:22.0960 1452	clr_optimization_v4.0.30319_32 - ok
15:08:23.0007 1452	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:08:23.0054 1452	CmBatt - ok
15:08:23.0101 1452	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:08:23.0116 1452	cmdide - ok
15:08:23.0132 1452	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:08:23.0148 1452	Compbatt - ok
15:08:23.0148 1452	COMSysApp - ok
15:08:23.0163 1452	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:08:23.0163 1452	crcdisk - ok
15:08:23.0179 1452	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:08:23.0226 1452	Crusoe - ok
15:08:23.0288 1452	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
15:08:23.0319 1452	CryptSvc - ok
15:08:23.0382 1452	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
15:08:23.0444 1452	CSC - ok
15:08:23.0506 1452	CscService      (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
15:08:23.0553 1452	CscService - ok
15:08:23.0647 1452	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:08:23.0709 1452	DcomLaunch - ok
15:08:23.0772 1452	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:08:23.0834 1452	DfsC - ok
15:08:24.0942 1452	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:08:25.0082 1452	DFSR - ok
15:08:25.0534 1452	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:08:25.0566 1452	Dhcp - ok
15:08:25.0675 1452	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:08:25.0690 1452	disk - ok
15:08:25.0737 1452	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
15:08:25.0753 1452	DKbFltr - ok
15:08:25.0909 1452	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:08:25.0971 1452	Dnscache - ok
15:08:26.0143 1452	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:08:26.0158 1452	dot3svc - ok
15:08:26.0330 1452	dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
15:08:26.0377 1452	dot4 - ok
15:08:26.0408 1452	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:08:26.0455 1452	Dot4Print - ok
15:08:26.0502 1452	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
15:08:26.0533 1452	dot4usb - ok
15:08:26.0580 1452	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:08:26.0611 1452	DPS - ok
15:08:26.0642 1452	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:08:26.0673 1452	drmkaud - ok
15:08:26.0985 1452	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:08:27.0016 1452	DXGKrnl - ok
15:08:27.0079 1452	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:08:27.0110 1452	E1G60 - ok
15:08:27.0172 1452	e1yexpress      (76a02bc4e8008a8cbaf5cc7efb9df839) C:\Windows\system32\DRIVERS\e1y6032.sys
15:08:27.0188 1452	e1yexpress - ok
15:08:27.0219 1452	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:08:27.0235 1452	EapHost - ok
15:08:27.0250 1452	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:08:27.0266 1452	Ecache - ok
15:08:27.0360 1452	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:08:27.0438 1452	elxstor - ok
15:08:27.0516 1452	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:08:27.0578 1452	EMDMgmt - ok
15:08:27.0609 1452	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:08:27.0625 1452	ErrDev - ok
15:08:27.0781 1452	ETService       (a51fd9df23720485991f56741bbefcfb) C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
15:08:27.0812 1452	ETService ( UnsignedFile.Multi.Generic ) - warning
15:08:27.0812 1452	ETService - detected UnsignedFile.Multi.Generic (1)
15:08:28.0093 1452	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:08:28.0140 1452	EventSystem - ok
15:08:28.0327 1452	EvtEng          (53cca6b4df0977074e85c9a18f42b5cc) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:08:28.0452 1452	EvtEng - ok
15:08:28.0561 1452	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:08:28.0608 1452	exfat - ok
15:08:28.0639 1452	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:08:28.0686 1452	fastfat - ok
15:08:28.0951 1452	Fax             (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
15:08:29.0044 1452	Fax - ok
15:08:29.0076 1452	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:08:29.0122 1452	fdc - ok
15:08:29.0154 1452	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:08:29.0185 1452	fdPHost - ok
15:08:29.0216 1452	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:08:29.0263 1452	FDResPub - ok
15:08:29.0310 1452	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:08:29.0310 1452	FileInfo - ok
15:08:29.0325 1452	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:08:29.0372 1452	Filetrace - ok
15:08:29.0403 1452	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:08:29.0434 1452	flpydisk - ok
15:08:29.0481 1452	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:08:29.0512 1452	FltMgr - ok
15:08:29.0731 1452	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:08:29.0840 1452	FontCache - ok
15:08:30.0043 1452	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:08:30.0058 1452	FontCache3.0.0.0 - ok
15:08:30.0090 1452	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:08:30.0136 1452	Fs_Rec - ok
15:08:30.0152 1452	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:08:30.0168 1452	gagp30kx - ok
15:08:30.0214 1452	GEARAspiWDM     (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:08:30.0230 1452	GEARAspiWDM - ok
15:08:30.0433 1452	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:08:30.0495 1452	gpsvc - ok
15:08:30.0542 1452	GT72NDISIPXP    (19ad11dba7f1a302008332a3ad360b3c) C:\Windows\system32\DRIVERS\Gt51Ip.sys
15:08:30.0589 1452	GT72NDISIPXP - ok
15:08:30.0636 1452	GT72UBUS        (0aecf7b4b784c6257287fe9230d1163e) C:\Windows\system32\DRIVERS\gt72ubus.sys
15:08:30.0682 1452	GT72UBUS - ok
15:08:30.0714 1452	GTPTSER         (4b915d813b7892ba0a08620f82991a82) C:\Windows\system32\DRIVERS\gtptser.sys
15:08:30.0745 1452	GTPTSER - ok
15:08:30.0823 1452	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:08:30.0901 1452	HdAudAddService - ok
15:08:31.0041 1452	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:08:31.0104 1452	HDAudBus - ok
15:08:31.0166 1452	HECI            (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys
15:08:31.0197 1452	HECI - ok
15:08:31.0213 1452	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:08:31.0260 1452	HidBth - ok
15:08:31.0431 1452	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:08:31.0525 1452	HidIr - ok
15:08:31.0618 1452	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
15:08:31.0650 1452	hidserv - ok
15:08:31.0712 1452	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:08:31.0759 1452	HidUsb - ok
15:08:31.0852 1452	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:08:31.0915 1452	hkmsvc - ok
15:08:32.0040 1452	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:08:32.0055 1452	HpCISSs - ok
15:08:32.0196 1452	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:08:32.0242 1452	HSFHWAZL - ok
15:08:32.0383 1452	HSF_DPV         (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:08:32.0508 1452	HSF_DPV - ok
15:08:32.0554 1452	HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:08:32.0570 1452	HSXHWAZL - ok
15:08:32.0632 1452	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:08:32.0710 1452	HTTP - ok
15:08:32.0757 1452	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:08:32.0773 1452	i2omp - ok
15:08:32.0820 1452	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:08:32.0866 1452	i8042prt - ok
15:08:32.0929 1452	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:08:32.0944 1452	iaStorV - ok
15:08:33.0069 1452	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:08:33.0100 1452	IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:08:33.0100 1452	IDriverT - detected UnsignedFile.Multi.Generic (1)
15:08:33.0366 1452	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:08:33.0397 1452	idsvc - ok
15:08:33.0678 1452	IFXSpMgtSrv     (204ac659f069616ae00627a1b467655d) c:\Windows\system32\ifxspmgt.exe
15:08:33.0693 1452	IFXSpMgtSrv - ok
15:08:33.0834 1452	IFXTCS          (02b893d0b89e0b28881a1cab6f337a0b) C:\Windows\System32\IFXTCS.exe
15:08:33.0990 1452	IFXTCS - ok
15:08:34.0816 1452	IGBASVC         (e70b9c83ddb6d86f9d1bdfad04757a3f) C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
15:08:36.0626 1452	IGBASVC ( UnsignedFile.Multi.Generic ) - warning
15:08:36.0626 1452	IGBASVC - detected UnsignedFile.Multi.Generic (1)
15:08:39.0106 1452	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:08:40.0542 1452	igfx - ok
15:08:40.0854 1452	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:08:40.0869 1452	iirsp - ok
15:08:41.0056 1452	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:08:41.0103 1452	IKEEXT - ok
15:08:41.0166 1452	int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
15:08:41.0181 1452	int15 ( UnsignedFile.Multi.Generic ) - warning
15:08:41.0181 1452	int15 - detected UnsignedFile.Multi.Generic (1)
15:08:41.0556 1452	IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
15:08:41.0696 1452	IntcAzAudAddService - ok
15:08:41.0946 1452	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:08:41.0961 1452	intelide - ok
15:08:42.0039 1452	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:08:42.0070 1452	intelppm - ok
15:08:42.0211 1452	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:08:42.0226 1452	IPBusEnum - ok
15:08:42.0258 1452	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:08:42.0304 1452	IpFilterDriver - ok
15:08:42.0429 1452	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:08:42.0492 1452	iphlpsvc - ok
15:08:42.0492 1452	IpInIp - ok
15:08:42.0538 1452	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:08:42.0585 1452	IPMIDRV - ok
15:08:42.0616 1452	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:08:42.0663 1452	IPNAT - ok
15:08:42.0710 1452	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
15:08:42.0741 1452	irda - ok
15:08:42.0772 1452	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:08:42.0788 1452	IRENUM - ok
15:08:42.0835 1452	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
15:08:42.0897 1452	Irmon - ok
15:08:42.0975 1452	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:08:43.0006 1452	isapnp - ok
15:08:43.0069 1452	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:08:43.0084 1452	iScsiPrt - ok
15:08:43.0116 1452	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:08:43.0116 1452	iteatapi - ok
15:08:43.0162 1452	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:08:43.0162 1452	iteraid - ok
15:08:43.0194 1452	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:08:43.0194 1452	kbdclass - ok
15:08:43.0225 1452	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:08:43.0256 1452	kbdhid - ok
15:08:43.0287 1452	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:08:43.0318 1452	KeyIso - ok
15:08:43.0443 1452	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:08:43.0474 1452	KSecDD - ok
15:08:43.0615 1452	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:08:43.0677 1452	KtmRm - ok
15:08:43.0740 1452	kx1avs          (6f46978fef08f9da6a02ff15d02ab7b0) C:\Windows\system32\Drivers\kx1avs.sys
15:08:43.0771 1452	kx1avs - ok
15:08:43.0802 1452	kx1usb_svc      (7ac9f0e7b8dd10c4366dfda697481c1f) C:\Windows\system32\Drivers\kx1usb.sys
15:08:43.0818 1452	kx1usb_svc - ok
15:08:43.0927 1452	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
15:08:43.0989 1452	LanmanServer - ok
15:08:44.0052 1452	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:08:44.0130 1452	LanmanWorkstation - ok
15:08:44.0379 1452	LBTServ         (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
15:08:44.0410 1452	LBTServ - ok
15:08:44.0473 1452	LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:08:44.0488 1452	LHidFilt - ok
15:08:44.0551 1452	LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:08:44.0551 1452	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:08:44.0551 1452	LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:08:44.0613 1452	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
15:08:44.0629 1452	lirsgt - ok
15:08:44.0660 1452	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:08:44.0691 1452	lltdio - ok
15:08:44.0738 1452	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:08:44.0785 1452	lltdsvc - ok
15:08:44.0816 1452	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:08:44.0847 1452	lmhosts - ok
15:08:44.0878 1452	LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:08:44.0894 1452	LMouFilt - ok
15:08:44.0925 1452	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:08:44.0941 1452	LSI_FC - ok
15:08:44.0972 1452	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:08:44.0988 1452	LSI_SAS - ok
15:08:45.0034 1452	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:08:45.0050 1452	LSI_SCSI - ok
15:08:45.0066 1452	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:08:45.0112 1452	luafv - ok
15:08:45.0190 1452	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
15:08:45.0190 1452	MBAMProtector - ok
15:08:45.0378 1452	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:08:45.0409 1452	MBAMService - ok
15:08:45.0440 1452	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:08:45.0471 1452	mdmxsdk - ok
15:08:45.0518 1452	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:08:45.0534 1452	megasas - ok
15:08:45.0612 1452	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:08:45.0627 1452	MegaSR - ok
15:08:45.0768 1452	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:08:45.0814 1452	MMCSS - ok
15:08:45.0846 1452	MobilityService - ok
15:08:45.0939 1452	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:08:45.0986 1452	Modem - ok
15:08:46.0033 1452	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:08:46.0064 1452	monitor - ok
15:08:46.0064 1452	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:08:46.0080 1452	mouclass - ok
15:08:46.0126 1452	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:08:46.0142 1452	mouhid - ok
15:08:46.0158 1452	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:08:46.0173 1452	MountMgr - ok
15:08:46.0220 1452	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
15:08:46.0236 1452	MpFilter - ok
15:08:46.0282 1452	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:08:46.0298 1452	mpio - ok
15:08:46.0516 1452	MpKsl81ccb632   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D188C870-B71E-457F-8249-DB9FC8AC8DF5}\MpKsl81ccb632.sys
15:08:46.0532 1452	MpKsl81ccb632 - ok
15:08:46.0563 1452	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:08:46.0610 1452	mpsdrv - ok
15:08:46.0719 1452	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:08:46.0813 1452	MpsSvc - ok
15:08:46.0844 1452	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:08:46.0844 1452	Mraid35x - ok
15:08:46.0906 1452	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:08:46.0938 1452	MRxDAV - ok
15:08:47.0016 1452	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:08:47.0109 1452	mrxsmb - ok
15:08:47.0203 1452	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:08:47.0250 1452	mrxsmb10 - ok
15:08:47.0296 1452	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:08:47.0296 1452	mrxsmb20 - ok
15:08:47.0328 1452	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:08:47.0343 1452	msahci - ok
15:08:47.0374 1452	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:08:47.0374 1452	msdsm - ok
15:08:47.0421 1452	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:08:47.0452 1452	MSDTC - ok
15:08:47.0468 1452	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:08:47.0499 1452	Msfs - ok
15:08:47.0530 1452	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:08:47.0546 1452	msisadrv - ok
15:08:47.0577 1452	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:08:47.0624 1452	MSiSCSI - ok
15:08:47.0624 1452	msiserver - ok
15:08:47.0671 1452	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:08:47.0686 1452	MSKSSRV - ok
15:08:47.0842 1452	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:08:47.0858 1452	MsMpSvc - ok
15:08:47.0889 1452	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:08:47.0920 1452	MSPCLOCK - ok
15:08:47.0983 1452	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:08:48.0014 1452	MSPQM - ok
15:08:48.0139 1452	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:08:48.0154 1452	MsRPC - ok
15:08:48.0279 1452	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:08:48.0279 1452	mssmbios - ok
15:08:48.0326 1452	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:08:48.0357 1452	MSTEE - ok
15:08:48.0482 1452	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:08:48.0498 1452	Mup - ok
15:08:48.0560 1452	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:08:48.0591 1452	napagent - ok
15:08:48.0685 1452	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:08:48.0700 1452	NativeWifiP - ok
15:08:48.0841 1452	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:08:48.0872 1452	NDIS - ok
15:08:48.0934 1452	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:08:48.0981 1452	NdisTapi - ok
15:08:49.0012 1452	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:08:49.0044 1452	Ndisuio - ok
15:08:49.0122 1452	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:08:49.0184 1452	NdisWan - ok
15:08:49.0278 1452	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:08:49.0309 1452	NDProxy - ok
15:08:49.0356 1452	Net Driver HPZ12 (949941e4de88df1faf49a4b3cffb756f) C:\Windows\system32\HPZinw12.dll
15:08:49.0371 1452	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:08:49.0371 1452	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:08:49.0387 1452	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:08:49.0418 1452	NetBIOS - ok
15:08:49.0543 1452	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:08:49.0621 1452	netbt - ok
15:08:49.0652 1452	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:08:49.0652 1452	Netlogon - ok
15:08:49.0777 1452	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:08:49.0855 1452	Netman - ok
15:08:49.0948 1452	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:08:49.0980 1452	netprofm - ok
15:08:50.0198 1452	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:08:50.0214 1452	NetTcpPortSharing - ok
15:08:51.0540 1452	NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
15:08:51.0930 1452	NETw5v32 - ok
15:08:52.0460 1452	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:08:52.0460 1452	nfrd960 - ok
15:08:53.0786 1452	NIHardwareService (bd7a1d7bef2c0fde73f7b87971ed9d2f) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
15:08:54.0753 1452	NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
15:08:54.0753 1452	NIHardwareService - detected UnsignedFile.Multi.Generic (1)
15:08:55.0346 1452	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:08:55.0362 1452	NisDrv - ok
15:08:55.0549 1452	NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:08:55.0580 1452	NisSrv - ok
15:08:55.0674 1452	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:08:55.0720 1452	NlaSvc - ok
15:08:55.0783 1452	nmwcd           (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
15:08:55.0861 1452	nmwcd - ok
15:08:55.0892 1452	nmwcdc          (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
15:08:55.0939 1452	nmwcdc - ok
15:08:55.0986 1452	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:08:56.0017 1452	Npfs - ok
15:08:56.0095 1452	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
15:08:56.0142 1452	NSCIRDA - ok
15:08:56.0235 1452	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:08:56.0313 1452	nsi - ok
15:08:56.0360 1452	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:08:56.0407 1452	nsiproxy - ok
15:08:56.0781 1452	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:08:56.0984 1452	Ntfs - ok
15:08:57.0218 1452	NTIBackupSvc    (cb76f68ba0d57c5d25b538981b1c611c) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:08:57.0265 1452	NTIBackupSvc - ok
15:08:57.0530 1452	NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:08:57.0546 1452	NTIDrvr - ok
15:08:57.0608 1452	NTISchedulerSvc (df1c10a75df7e50195fc417f88a33227) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:08:57.0608 1452	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
15:08:57.0608 1452	NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
15:08:57.0639 1452	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:08:57.0686 1452	ntrigdigi - ok
15:08:57.0702 1452	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:08:57.0748 1452	Null - ok
15:08:57.0780 1452	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:08:57.0795 1452	nvraid - ok
15:08:57.0811 1452	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:08:57.0826 1452	nvstor - ok
15:08:57.0842 1452	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:08:57.0858 1452	nv_agp - ok
15:08:57.0904 1452	NWADI           (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys
15:08:57.0951 1452	NWADI - ok
15:08:57.0967 1452	NwlnkFlt - ok
15:08:57.0967 1452	NwlnkFwd - ok
15:08:58.0029 1452	o2flash         (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
15:08:58.0060 1452	o2flash ( UnsignedFile.Multi.Generic ) - warning
15:08:58.0060 1452	o2flash - detected UnsignedFile.Multi.Generic (1)
15:08:58.0107 1452	O2MDRDR         (16dfa5eff3f104c1d66bcb60c06a101f) C:\Windows\system32\DRIVERS\o2media.sys
15:08:58.0123 1452	O2MDRDR - ok
15:08:58.0216 1452	O2SCBUS         (439ad52d13600ea69f4a4409b2968a51) C:\Windows\system32\DRIVERS\ozscr.sys
15:08:58.0232 1452	O2SCBUS - ok
15:08:58.0263 1452	O2SDRDR         (6e590c91f97ae5e3408453c8ae9a3000) C:\Windows\system32\DRIVERS\o2sd.sys
15:08:58.0279 1452	O2SDRDR - ok
15:08:58.0606 1452	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:08:58.0638 1452	odserv - ok
15:08:58.0669 1452	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:08:58.0684 1452	ohci1394 - ok
15:08:58.0747 1452	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:08:58.0762 1452	ose - ok
15:08:59.0028 1452	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:08:59.0090 1452	p2pimsvc - ok
15:08:59.0106 1452	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:08:59.0168 1452	p2psvc - ok
15:08:59.0246 1452	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
15:08:59.0308 1452	Parport - ok
15:08:59.0340 1452	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:08:59.0355 1452	partmgr - ok
15:08:59.0371 1452	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
15:08:59.0418 1452	Parvdm - ok
15:08:59.0449 1452	PCASp50 - ok
15:08:59.0464 1452	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:08:59.0511 1452	PcaSvc - ok
15:08:59.0589 1452	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:08:59.0605 1452	pci - ok
15:08:59.0620 1452	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:08:59.0636 1452	pciide - ok
15:08:59.0745 1452	pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
15:08:59.0761 1452	pcmcia - ok
15:08:59.0854 1452	PDFProFiltSrv   (abb10afe110b413cfbcc35fbd3970989) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
15:08:59.0870 1452	PDFProFiltSrv - ok
15:09:00.0042 1452	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:09:00.0151 1452	PEAUTH - ok
15:09:00.0213 1452	PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\Windows\System32\drivers\psd.sys
15:09:00.0244 1452	PersonalSecureDrive - ok
15:09:00.0260 1452	PersonalSecureDriveService (c30a73c602c09bc8404a18497ad24145) c:\Windows\system32\IfxPsdSv.exe
15:09:00.0307 1452	PersonalSecureDriveService - ok
15:09:00.0525 1452	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:09:00.0728 1452	pla - ok
15:09:00.0962 1452	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:09:01.0009 1452	PlugPlay - ok
15:09:01.0071 1452	Pml Driver HPZ12 (2f4ca141a609caf5c98f6e4760ef1b9b) C:\Windows\system32\HPZipm12.dll
15:09:01.0102 1452	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:09:01.0102 1452	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:09:01.0290 1452	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:09:01.0305 1452	PNRPAutoReg - ok
15:09:01.0321 1452	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:09:01.0383 1452	PNRPsvc - ok
15:09:01.0602 1452	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:09:01.0664 1452	PolicyAgent - ok
15:09:01.0726 1452	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:09:01.0758 1452	PptpMiniport - ok
15:09:01.0804 1452	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:09:01.0836 1452	Processor - ok
15:09:01.0898 1452	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:09:01.0945 1452	ProfSvc - ok
15:09:01.0976 1452	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:09:01.0992 1452	ProtectedStorage - ok
15:09:02.0038 1452	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:09:02.0085 1452	PSched - ok
15:09:02.0350 1452	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:09:02.0428 1452	ql2300 - ok
15:09:02.0444 1452	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:09:02.0460 1452	ql40xx - ok
15:09:02.0538 1452	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:09:02.0584 1452	QWAVE - ok
15:09:02.0600 1452	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:09:02.0631 1452	QWAVEdrv - ok
15:09:02.0694 1452	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:09:02.0740 1452	RasAcd - ok
15:09:02.0772 1452	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:09:02.0818 1452	RasAuto - ok
15:09:02.0850 1452	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:09:02.0881 1452	Rasl2tp - ok
15:09:03.0037 1452	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:09:03.0068 1452	RasMan - ok
15:09:03.0099 1452	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:09:03.0130 1452	RasPppoe - ok
15:09:03.0177 1452	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:09:03.0177 1452	RasSstp - ok
15:09:03.0380 1452	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:09:03.0427 1452	rdbss - ok
15:09:03.0442 1452	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:09:03.0474 1452	RDPCDD - ok
15:09:03.0614 1452	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
15:09:03.0661 1452	rdpdr - ok
15:09:03.0676 1452	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:09:03.0723 1452	RDPENCDD - ok
15:09:03.0957 1452	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
15:09:04.0004 1452	RDPWD - ok
15:09:04.0269 1452	RegSrvc         (7c4391419852dfc331f6af620c33af3c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:09:04.0378 1452	RegSrvc - ok
15:09:04.0441 1452	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:09:04.0472 1452	RemoteAccess - ok
15:09:04.0503 1452	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:09:04.0550 1452	RemoteRegistry - ok
15:09:04.0737 1452	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
15:09:04.0753 1452	RFCOMM - ok
15:09:04.0909 1452	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:09:05.0018 1452	RpcLocator - ok
15:09:05.0174 1452	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:09:05.0205 1452	RpcSs - ok
15:09:05.0299 1452	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:09:05.0346 1452	rspndr - ok
15:09:05.0377 1452	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:09:05.0377 1452	SamSs - ok
15:09:05.0439 1452	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:09:05.0455 1452	sbp2port - ok
15:09:05.0502 1452	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:09:05.0548 1452	SCardSvr - ok
15:09:05.0704 1452	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:09:05.0767 1452	Schedule - ok
15:09:05.0798 1452	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:09:05.0814 1452	SCPolicySvc - ok
15:09:05.0860 1452	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
15:09:05.0892 1452	sdbus - ok
15:09:06.0110 1452	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:09:06.0157 1452	SDRSVC - ok
15:09:06.0188 1452	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:09:06.0266 1452	secdrv - ok
15:09:06.0328 1452	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:09:06.0360 1452	seclogon - ok
15:09:06.0391 1452	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:09:06.0438 1452	SENS - ok
15:09:06.0453 1452	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
15:09:06.0500 1452	Serenum - ok
15:09:06.0718 1452	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
15:09:06.0843 1452	Serial - ok
15:09:06.0859 1452	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:09:06.0890 1452	sermouse - ok
15:09:07.0108 1452	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:09:07.0155 1452	SessionEnv - ok
15:09:07.0202 1452	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:09:07.0233 1452	sffdisk - ok
15:09:07.0264 1452	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:09:07.0296 1452	sffp_mmc - ok
15:09:07.0358 1452	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:09:07.0374 1452	sffp_sd - ok
15:09:07.0389 1452	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:09:07.0452 1452	sfloppy - ok
15:09:07.0608 1452	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:09:07.0654 1452	SharedAccess - ok
15:09:07.0826 1452	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:09:07.0857 1452	ShellHWDetection - ok
15:09:07.0888 1452	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:09:07.0904 1452	sisagp - ok
15:09:07.0920 1452	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:09:07.0935 1452	SiSRaid2 - ok
15:09:07.0966 1452	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:09:07.0982 1452	SiSRaid4 - ok
15:09:08.0122 1452	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
15:09:08.0138 1452	SkypeUpdate - ok
15:09:09.0292 1452	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:09:09.0745 1452	slsvc - ok
15:09:10.0150 1452	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:09:10.0166 1452	SLUINotify - ok
15:09:10.0306 1452	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:09:10.0338 1452	Smb - ok
15:09:10.0478 1452	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:09:10.0494 1452	SNMPTRAP - ok
15:09:10.0525 1452	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:09:10.0540 1452	spldr - ok
15:09:10.0603 1452	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:09:10.0650 1452	Spooler - ok
15:09:10.0774 1452	SQLWriter       (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:09:10.0806 1452	SQLWriter - ok
15:09:11.0008 1452	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:09:11.0086 1452	srv - ok
15:09:11.0133 1452	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:09:11.0164 1452	srv2 - ok
15:09:11.0211 1452	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:09:11.0258 1452	srvnet - ok
15:09:11.0336 1452	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:09:11.0398 1452	SSDPSRV - ok
15:09:11.0461 1452	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:09:11.0492 1452	SstpSvc - ok
15:09:11.0617 1452	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:09:11.0648 1452	stisvc - ok
15:09:11.0679 1452	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:09:11.0679 1452	swenum - ok
15:09:11.0742 1452	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:09:11.0788 1452	swprv - ok
15:09:11.0804 1452	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:09:11.0820 1452	Symc8xx - ok
15:09:11.0913 1452	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:09:11.0944 1452	Sym_hi - ok
15:09:11.0991 1452	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:09:12.0007 1452	Sym_u3 - ok
15:09:12.0069 1452	SynTP           (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
15:09:12.0085 1452	SynTP - ok
15:09:12.0194 1452	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:09:12.0272 1452	SysMain - ok
15:09:12.0303 1452	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:09:12.0319 1452	TabletInputService - ok
15:09:12.0366 1452	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:09:12.0428 1452	TapiSrv - ok
15:09:12.0444 1452	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:09:12.0490 1452	TBS - ok
15:09:12.0834 1452	Tcpip           (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
15:09:12.0896 1452	Tcpip - ok
15:09:12.0912 1452	Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
15:09:12.0943 1452	Tcpip6 - ok
15:09:13.0021 1452	tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
15:09:13.0083 1452	tcpipreg - ok
15:09:13.0146 1452	TcUsb           (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
15:09:13.0146 1452	TcUsb - ok
15:09:13.0177 1452	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:09:13.0224 1452	TDPIPE - ok
15:09:13.0255 1452	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:09:13.0302 1452	TDTCP - ok
15:09:13.0348 1452	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:09:13.0426 1452	tdx - ok
15:09:13.0473 1452	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:09:13.0489 1452	TermDD - ok
15:09:13.0754 1452	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:09:13.0801 1452	TermService - ok
15:09:14.0050 1452	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:09:14.0066 1452	Themes - ok
15:09:14.0113 1452	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:09:14.0144 1452	THREADORDER - ok
15:09:14.0191 1452	TpChoice        (3afff25eae28188fa4ecd292658be31b) C:\Windows\system32\DRIVERS\TpChoice.sys
15:09:14.0222 1452	TpChoice - ok
15:09:14.0253 1452	TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
15:09:14.0269 1452	TPM - ok
15:09:14.0331 1452	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:09:14.0347 1452	TrkWks - ok
15:09:14.0628 1452	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:09:14.0674 1452	TrustedInstaller - ok
15:09:14.0706 1452	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:09:14.0721 1452	tssecsrv - ok
15:09:14.0752 1452	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:09:14.0784 1452	tunmp - ok
15:09:14.0815 1452	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:09:14.0846 1452	tunnel - ok
15:09:14.0877 1452	U46WDM1_01      (dd60662944aaabbf9d8c9e3bf8428cdf) C:\Windows\system32\DRIVERS\U46wdm.sys
15:09:14.0908 1452	U46WDM1_01 - ok
15:09:14.0940 1452	U46_AA          (2e8dbf227a4d19ef14153f1435338508) C:\Windows\system32\DRIVERS\U46DRV.sys
15:09:14.0971 1452	U46_AA - ok
15:09:14.0986 1452	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:09:15.0018 1452	uagp35 - ok
15:09:15.0049 1452	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
15:09:15.0064 1452	UBHelper - ok
15:09:15.0127 1452	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:09:15.0158 1452	udfs - ok
15:09:15.0252 1452	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:09:15.0298 1452	UI0Detect - ok
15:09:15.0330 1452	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:09:15.0345 1452	uliagpkx - ok
15:09:15.0439 1452	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:09:15.0470 1452	uliahci - ok
15:09:15.0532 1452	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:09:15.0548 1452	UlSata - ok
15:09:15.0595 1452	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:09:15.0610 1452	ulsata2 - ok
15:09:15.0642 1452	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:09:15.0673 1452	umbus - ok
15:09:15.0844 1452	UmRdpService    (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
15:09:15.0907 1452	UmRdpService - ok
15:09:15.0969 1452	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:09:16.0016 1452	upnphost - ok
15:09:16.0063 1452	upperdev        (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
15:09:16.0094 1452	upperdev - ok
15:09:16.0110 1452	USBAAPL - ok
15:09:16.0156 1452	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:09:16.0188 1452	usbaudio - ok
15:09:16.0234 1452	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:09:16.0281 1452	usbccgp - ok
15:09:16.0328 1452	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:09:16.0390 1452	usbcir - ok
15:09:16.0453 1452	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:09:16.0468 1452	usbehci - ok
15:09:16.0562 1452	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:09:16.0578 1452	usbhub - ok
15:09:16.0624 1452	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:09:16.0687 1452	usbohci - ok
15:09:16.0718 1452	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:09:16.0749 1452	usbprint - ok
15:09:16.0796 1452	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:09:16.0812 1452	usbscan - ok
15:09:16.0843 1452	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
15:09:16.0874 1452	usbser - ok
15:09:16.0921 1452	UsbserFilt      (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
15:09:16.0968 1452	UsbserFilt - ok
15:09:16.0983 1452	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:09:17.0030 1452	USBSTOR - ok
15:09:17.0061 1452	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:09:17.0077 1452	usbuhci - ok
15:09:17.0108 1452	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:09:17.0139 1452	usbvideo - ok
15:09:17.0155 1452	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:09:17.0202 1452	UxSms - ok
15:09:17.0264 1452	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:09:17.0311 1452	vds - ok
15:09:17.0358 1452	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:09:17.0404 1452	vga - ok
15:09:17.0545 1452	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:09:17.0592 1452	VgaSave - ok
15:09:17.0607 1452	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:09:17.0623 1452	viaagp - ok
15:09:17.0638 1452	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:09:17.0670 1452	ViaC7 - ok
15:09:17.0748 1452	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:09:17.0763 1452	viaide - ok
15:09:17.0794 1452	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:09:17.0810 1452	volmgr - ok
15:09:17.0888 1452	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:09:17.0935 1452	volmgrx - ok
15:09:18.0044 1452	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:09:18.0060 1452	volsnap - ok
15:09:18.0138 1452	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:09:18.0153 1452	vsmraid - ok
15:09:18.0418 1452	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:09:18.0465 1452	VSS - ok
15:09:18.0824 1452	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:09:18.0855 1452	W32Time - ok
15:09:19.0105 1452	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:09:19.0152 1452	WacomPen - ok
15:09:19.0292 1452	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:09:19.0339 1452	Wanarp - ok
15:09:19.0339 1452	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:09:19.0370 1452	Wanarpv6 - ok
15:09:19.0588 1452	wbengine        (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
15:09:19.0822 1452	wbengine - ok
15:09:19.0916 1452	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:09:19.0963 1452	wcncsvc - ok
15:09:20.0041 1452	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:09:20.0088 1452	WcsPlugInService - ok
15:09:20.0181 1452	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:09:20.0197 1452	Wd - ok
15:09:20.0337 1452	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:09:20.0400 1452	Wdf01000 - ok
15:09:20.0431 1452	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:09:20.0462 1452	WdiServiceHost - ok
15:09:20.0462 1452	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:09:20.0493 1452	WdiSystemHost - ok
15:09:20.0524 1452	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:09:20.0571 1452	WebClient - ok
15:09:20.0680 1452	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:09:20.0758 1452	Wecsvc - ok
15:09:20.0836 1452	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:09:20.0868 1452	wercplsupport - ok
15:09:20.0946 1452	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:09:21.0008 1452	WerSvc - ok
15:09:21.0070 1452	WIBUKEY         (4d7602b0b5ca33720cbe08cbc4a9d8e3) C:\Windows\system32\DRIVERS\WibuKey.sys
15:09:21.0117 1452	WIBUKEY - ok
15:09:21.0148 1452	Wibukey2        (1ac50e90995649803bacab62f5f48e2a) C:\Windows\system32\drivers\wibukey2.sys
15:09:21.0195 1452	Wibukey2 ( UnsignedFile.Multi.Generic ) - warning
15:09:21.0195 1452	Wibukey2 - detected UnsignedFile.Multi.Generic (1)
15:09:21.0320 1452	winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:09:21.0351 1452	winachsf - ok
15:09:21.0538 1452	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:09:21.0554 1452	WinDefend - ok
15:09:21.0554 1452	WinHttpAutoProxySvc - ok
15:09:21.0741 1452	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:09:21.0772 1452	Winmgmt - ok
15:09:22.0131 1452	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:09:22.0225 1452	WinRM - ok
15:09:22.0350 1452	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:09:22.0412 1452	Wlansvc - ok
15:09:22.0443 1452	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:09:22.0459 1452	WmiAcpi - ok
15:09:22.0615 1452	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:09:22.0662 1452	wmiApSrv - ok
15:09:22.0911 1452	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:09:23.0098 1452	WMPNetworkSvc - ok
15:09:23.0130 1452	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:09:23.0161 1452	WPDBusEnum - ok
15:09:23.0301 1452	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:09:23.0364 1452	WpdUsb - ok
15:09:23.0769 1452	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:09:23.0894 1452	WPFFontCache_v0400 - ok
15:09:24.0081 1452	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:09:24.0144 1452	ws2ifsl - ok
15:09:24.0222 1452	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:09:24.0253 1452	wscsvc - ok
15:09:24.0300 1452	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:09:24.0315 1452	WSDPrintDevice - ok
15:09:24.0331 1452	WSearch - ok
15:09:25.0064 1452	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
15:09:25.0314 1452	wuauserv - ok
15:09:25.0563 1452	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:09:25.0610 1452	WUDFRd - ok
15:09:25.0750 1452	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:09:25.0766 1452	wudfsvc - ok
15:09:25.0813 1452	XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
15:09:25.0860 1452	XAudio - ok
15:09:26.0000 1452	XAudioService   (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
15:09:26.0047 1452	XAudioService - ok
15:09:26.0094 1452	MBR (0x1B8)     (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
15:09:28.0558 1452	\Device\Harddisk0\DR0 - ok
15:09:28.0590 1452	Boot (0x1200)   (49a764a290c4d05be3a9fdffff1d90bb) \Device\Harddisk0\DR0\Partition0
15:09:28.0590 1452	\Device\Harddisk0\DR0\Partition0 - ok
15:09:28.0605 1452	Boot (0x1200)   (7f0fc9d758beb7b22e2ffd824da3a7dc) \Device\Harddisk0\DR0\Partition1
15:09:28.0652 1452	\Device\Harddisk0\DR0\Partition1 - ok
15:09:28.0652 1452	============================================================
15:09:28.0652 1452	Scan finished
15:09:28.0652 1452	============================================================
15:09:28.0652 5796	Detected object count: 12
15:09:28.0652 5796	Actual detected object count: 12
15:10:03.0050 5796	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0050 5796	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0050 5796	ETService ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0050 5796	ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0050 5796	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0050 5796	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0050 5796	IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0050 5796	IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	int15 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:10:03.0066 5796	Wibukey2 ( UnsignedFile.Multi.Generic ) - skipped by user
15:10:03.0066 5796	Wibukey2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Und nun? Wie gehts weiter?

23.05.2012, 09:27	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit Searchqu Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung Windows mit F8-Taste beim Start in den abgesicherten Modus bringen. Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern: __________________ Logfiles bitte immer in CODE-Tags posten

23.05.2012, 20:11	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit Searchqu Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ --> Problem mit Searchqu

25.05.2012, 10:34	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit Searchqu Achso ja, mach das lieber nochmal im normalen Modus. Den abgesicherten nur wenn ich es schreibe oder es Probleme im normalen Modus gibt Die Datensicherung kannst du auf jeden Fall tun, Backups sind immer eine gute Idee __________________ Logfiles bitte immer in CODE-Tags posten

Problem mit Searchqu

Plagegeister aller Art und deren Bekämpfung: Problem mit Searchqu