Trojaner: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert

juxfux · 02.09.2012, 01:37

Guten Morgen,

auf meinem Rechner hat sich das schon bekannte Schadprogramm mit der Zahlungsaufforderung und Systemblockade ("Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert ") breit gemacht.
Wie ich im Forum gelesen habe, muss die Problemlösung auf den betroffenen Rechner zugeschneidert sein, daher ein neuer Thread von mir und die Bitte um eure Unterstützung.

Ich habe eben noch Malwarebyte Anti-Malware frisch runtergeladen und laufen lassen. 3 Infizierte Objekte wurden gefunden (Trojan.Ransom.FGen) und darauf mit dem Programm gelöscht.
Die Logdatei ist als Anhang dran und im Kasten.

Vielen Dank schonmal im Voraus!
juxfux

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.02.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Friederike :: ***-PC [Administrator]

Schutz: Aktiviert

02.09.2012 02:28:20
mbam-log-2012-09-02 (02-28-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189266
Laufzeit: 4 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\***\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\***\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

juxfux · 02.09.2012, 02:13

OTL.txt und Extras.txt anonymisiert:

OTL.txt

Code:

ATTFilter

OTL logfile created on: 02.09.2012 02:55:31 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = D:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 60,35% Memory free
5,16 Gb Paging File | 4,15 Gb Available in Paging File | 80,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,69 Gb Total Space | 88,18 Gb Free Space | 61,80% Space Free | Partition Type: NTFS
Drive D: | 139,20 Gb Total Space | 44,31 Gb Free Space | 31,83% Space Free | Partition Type: NTFS
Drive E: | 702,81 Mb Total Space | 499,11 Mb Free Space | 71,02% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Partner Service) -- c:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ALSysIO) -- C:\Users\FRIEDE~1\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (UsbC) -- C:\Windows\System32\drivers\rcusbwdm.sys (SafeNet, Inc.)
DRV - (HOSTNT) -- C:\Windows\System32\drivers\hostnt.sys (SafeNet, Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1211&m=aspire_5530
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1211&m=aspire_5530
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-1920176761-3082088065-799639886-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.02 00:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 23:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.22 11:11:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.03 00:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.24 23:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xqklhhva.default\extensions
[2011.12.04 15:33:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xqklhhva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.02 00:42:01 | 000,002,289 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xqklhhva.default\searchplugins\ecosia.xml
[2010.03.24 12:11:28 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xqklhhva.default\searchplugins\youtube-videosuche.xml
[2012.07.21 08:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.21 08:49:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 23:45:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.15 09:52:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 09:52:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 09:52:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 09:52:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 09:52:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 09:52:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1920176761-3082088065-799639886-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C858BDD-EC36-4BAE-8F0E-0A5256E2D6EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DBB13E-27FC-49B0-93DC-DF128AFAE313}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4876e890-1e6a-11e1-b872-001eec497dd1}\Shell - "" = AutoRun
O33 - MountPoints2\{4876e890-1e6a-11e1-b872-001eec497dd1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.02 02:50:32 | 000,598,528 | ---- | C] (OldTimer Tools) -- D:\Users\***\Desktop\OTL.exe
[2012.09.02 02:18:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.02 02:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.02 02:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.02 02:18:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 02:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.02 02:17:30 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.02 01:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.02 00:41:21 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.02 00:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.02 00:41:20 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.02 00:41:19 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.02 00:41:19 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.09.02 00:41:18 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.02 00:41:16 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.02 00:41:00 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.02 00:40:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.02 00:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.02 00:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.25 09:21:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.24 22:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.08.24 22:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.08.21 21:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012.08.21 21:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012.08.20 10:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftGenetics
[2012.08.20 10:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\SoftGenetics
[2012.08.20 10:40:40 | 000,065,216 | ---- | C] (SafeNet, Inc.) -- C:\Windows\System32\drivers\rcusbwdm.sys
[2012.08.20 10:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Dog
[2012.08.20 10:40:14 | 000,010,304 | ---- | C] (SafeNet, Inc.) -- C:\Windows\System32\drivers\hostnt.sys
[2012.08.15 18:08:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 18:08:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 18:08:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.15 18:08:49 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.15 18:08:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 18:08:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 18:08:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.15 18:08:21 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.10 08:59:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2012.08.08 11:54:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.08.08 10:55:13 | 000,021,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\CTL3DV2.DLL
[2012.08.08 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gene Runner
[2012.08.08 10:55:09 | 000,000,000 | ---D | C] -- C:\GENERUNR
[2012.08.08 10:51:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IDM
[2012.08.08 10:51:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DMCache
[2012.08.08 10:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012.08.07 11:30:03 | 000,000,000 | --SD | C] -- D:\Users\***\Documents\Meine Datenquellen
[2012.08.07 10:34:33 | 000,000,000 | ---D | C] -- D:\Users\***\Documents\DOC
[2012.08.05 22:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.08.05 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.08.05 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.08.05 22:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.08.05 22:38:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.05 22:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.08.05 22:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.08.05 22:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.08.05 22:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.08.05 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.08.05 22:29:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.05 22:04:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Seven Zip
[2012.08.03 11:39:01 | 000,000,000 | ---D | C] -- C:\Temp
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.02 02:28:43 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.02 02:28:43 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.02 02:28:43 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.02 02:28:43 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.02 02:21:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.09.02 02:21:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 02:21:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 02:21:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.02 02:18:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.02 01:34:46 | 000,598,528 | ---- | M] (OldTimer Tools) -- D:\Users\***\Desktop\OTL.exe
[2012.09.02 01:31:59 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.02 01:05:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.02 00:41:22 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.09.02 00:41:21 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.02 00:41:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.02 00:41:16 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.08.31 14:12:35 | 000,000,971 | ---- | M] () -- C:\Windows\GENERUNR.INI
[2012.08.23 07:32:33 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.23 07:32:33 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.21 21:34:02 | 000,000,850 | ---- | M] () -- D:\Users\***\Desktop\Core Temp.lnk
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.20 10:44:27 | 000,065,216 | ---- | M] (SafeNet, Inc.) -- C:\Windows\System32\drivers\rcusbwdm.sys
[2012.08.20 10:44:14 | 000,010,304 | ---- | M] (SafeNet, Inc.) -- C:\Windows\System32\drivers\hostnt.sys
[2012.08.20 10:44:04 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Mutation Surveyor Local V3.25.lnk
[2012.08.15 18:34:41 | 000,422,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.08 23:02:39 | 000,064,000 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.08 10:55:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.08.08 10:55:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.08.06 08:27:41 | 000,000,120 | ---- | M] () -- C:\Windows\wininit.ini
 
========== Files Created - No Company Name ==========
 
[2012.09.02 02:18:12 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.02 00:41:21 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.09.02 00:41:16 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012.08.24 21:58:51 | 000,000,947 | ---- | C] () -- D:\Users\***\Desktop\Launch Internet Explorer Browser.lnk
[2012.08.21 21:34:02 | 000,000,850 | ---- | C] () -- D:\Users\***\Desktop\Core Temp.lnk
[2012.08.20 10:44:04 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Mutation Surveyor Local V3.25.lnk
[2012.08.08 10:55:13 | 000,000,971 | ---- | C] () -- C:\Windows\GENERUNR.INI
[2012.08.08 10:55:01 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.08.08 10:55:01 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.08.06 08:27:40 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.29 21:58:30 | 000,014,298 | ---- | C] () -- C:\Users\***\Falten.odt
[2012.05.29 20:58:18 | 000,015,878 | ---- | C] () -- C:\Users\***\Kündigung.odt
[2012.05.29 20:58:13 | 000,014,185 | ---- | C] () -- C:\Users\***\Bescheinigung Mietzahlung.odt
[2011.12.16 13:00:43 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.16 13:00:43 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.16 12:59:21 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.12.16 12:55:51 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.12.04 16:52:40 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2011.12.03 18:40:52 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.03 11:45:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.03 11:45:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.03 00:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.12.02 21:01:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.02 18:35:59 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2008.05.20 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2012.08.19 08:46:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DMCache
[2012.08.06 08:28:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.12.02 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2012.08.19 08:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDM
[2011.12.04 16:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.12.03 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2011.12.03 20:37:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.12.04 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.12.03 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.09.02 00:41:16 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012.09.02 02:02:15 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 02.09.2012 02:55:31 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = D:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 60,35% Memory free
5,16 Gb Paging File | 4,15 Gb Available in Paging File | 80,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,69 Gb Total Space | 88,18 Gb Free Space | 61,80% Space Free | Partition Type: NTFS
Drive D: | 139,20 Gb Total Space | 44,31 Gb Free Space | 31,83% Space Free | Partition Type: NTFS
Drive E: | 702,81 Mb Total Space | 499,11 Mb Free Space | 71,02% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1920176761-3082088065-799639886-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9A994F4A-9896-4CFA-B90F-290C151AF00E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D318CC1-975E-42F8-9C97-BC2232D9B2F7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{13CBE10C-14EC-4CDA-9A81-57684F8BC9AB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{13DE1542-C1CE-4DFF-94F0-BD704E111E66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{1CD46E22-8A6E-48D2-9CF7-D579DBA1783E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1CD7BE3B-4D47-43AA-835E-00493BEDFDD4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{24DC5CB8-203B-407E-B201-F1546FEC58DA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{42EA0378-9F97-4B6E-9209-50BE4EC82FDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{463DDD33-3EA5-4A68-8255-95D3A00718BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{57318D87-7435-46AC-8AC1-F1C7463C7746}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{70776BD7-A543-477E-A80B-847500D0180D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{763ABA04-357F-4186-897D-910AA5EEA47A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8889845E-8BB8-43F5-98F6-C63C38021AB0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{90E493CF-2B37-4548-AB90-4D6A1B25FB08}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{9D869D73-4A9B-42FE-A37C-87F2FD811210}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{CBA115AA-87A2-41BA-B521-73EDA6D0AFA8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E829CE93-107B-4CEA-96D5-7E94E0CDAD9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1C9C0EE0-1A46-439E-AE01-9DBFF57C614C}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"TCP Query User{B6004FBE-FC5F-4920-A78A-7C3590FDC6EA}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B727F67D-7E6A-4CC5-8292-84615A7F5F7B}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"UDP Query User{25FF8E1A-5724-4C39-9C88-B93884A5CFB1}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"UDP Query User{29C75BCE-45CD-43A0-87E2-4349615EB8CC}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{805D9292-081B-402E-9CB6-85ABF8466CCE}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000BDCDA-F41C-0D45-3B1A-936F0B4ACE5B}" = CCC Help Hungarian
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06006FA0-1195-3E80-7C71-9F45F6CCDE6A}" = CCC Help Greek
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{17D46D1F-97F3-9557-23F3-E799D7AB1594}" = ccc-core-static
"{17E12C4B-7822-18E7-9901-E56B71100454}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DA19D59-E9B9-ABF5-A7CB-EA1BEDF2C0FC}" = Catalyst Control Center Localization Thai
"{318B26D1-46E8-A84F-2758-521C3C32346E}" = Catalyst Control Center Graphics Light
"{31A9C52D-8663-55B3-B22F-D5721F7666D9}" = Catalyst Control Center Localization Danish
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-385C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FAE967-C659-865C-0030-74A8280CE48E}" = Catalyst Control Center Localization Swedish
"{41E9864B-785A-D312-7030-FB20B14F9246}" = Catalyst Control Center Graphics Full Existing
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43361F3E-430A-B80D-248B-76B62C8D5384}" = CCC Help Portuguese
"{45193025-C4C4-967C-7D09-085E2C678B12}" = CCC Help German
"{494FE3AD-6A66-7607-C29A-E4B8A817F281}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1B7E9B-6C41-8EE8-B55F-264DEC2BF22C}" = Catalyst Control Center Localization Dutch
"{4ABA5E02-4580-3A2D-18C9-19D93978F04E}" = Catalyst Control Center Localization Korean
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5179AAED-D78F-E989-801A-7825F97AB674}" = CCC Help Russian
"{5444EA18-A034-0B0D-37EA-6AE8DFA131EC}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56DC1BB7-D46A-2F8D-7AC9-E4D68AA8DF02}" = Catalyst Control Center Localization Turkish
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EC85130-EB97-3602-400F-6029B629F7A0}" = Catalyst Control Center Localization German
"{6A9E4582-7BDB-AD2C-8A04-0CDD0FE29637}" = CCC Help French
"{6CCDCF6B-7BB2-022F-ACEB-9649CE0C3C9E}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DCCB90-294C-FBCA-824B-49D54A0090B4}" = Catalyst Control Center Graphics Full New
"{73072CA1-5B40-21BB-47DC-38F64589EBA3}" = CCC Help Italian
"{73EFC5C1-2926-54F0-43FD-3D88076A7DFC}" = CCC Help Finnish
"{79BE93D6-4043-8914-BC76-6C8A6FE2F400}" = CCC Help Swedish
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7F0696F2-39F5-DA17-7501-6C6D37BD50E4}" = CCC Help Thai
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
"{85DDD70F-2EAE-550C-1F09-8CADFB2F7BD4}" = Catalyst Control Center Localization Polish
"{8949C868-DCE2-8D4F-8BF3-441031F8B4BF}" = Catalyst Control Center Localization Greek
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FE6FD04-1F8D-2132-3178-C7C71C1980C5}" = Catalyst Control Center Localization Japanese
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{907B3A12-1392-4BCF-A0B5-49AAC2E2EA5D}" = LECTURNITY Player
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{98834478-C82D-687B-36DB-E9B15C48C7C3}" = CCC Help Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D521657-32BD-5C20-D739-D6A28EC21004}" = Catalyst Control Center Localization Chinese Standard
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A3AE2198-5EC2-1C86-3DF3-24FB352A22CC}" = CCC Help Japanese
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6F830C0-50C5-E5FE-4B6B-B285178E9139}" = Catalyst Control Center Localization Czech
"{ABAD548B-C77B-0DD7-3533-17BF30EEFA4D}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFB6D60D-99DF-4A7A-8136-832937491031}" = Nero BackItUp 2 Essentials
"{B512B38C-6391-F0A3-DC04-5E9006280619}" = Catalyst Control Center Localization French
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7273DAD-1972-0971-C126-B54B63D7F207}" = Catalyst Control Center InstallProxy
"{B9B2088C-3629-FC4E-9AB4-AA6A832C070B}" = Catalyst Control Center Localization Hungarian
"{BA94B209-9B88-C24E-1A11-0AE1D82768CF}" = CCC Help Chinese Standard
"{BDBED9FE-66E4-30D2-91FB-9EF360926B07}" = Catalyst Control Center Localization Italian
"{C10AA441-5EF2-1A5A-CD1A-002A49C32DFD}" = CCC Help Dutch
"{C1935A92-CCFC-17A5-7DE5-3961F2A987A1}" = Catalyst Control Center Localization Russian
"{C6AC8645-DE33-5563-60D2-27E83AA6BADF}" = CCC Help Turkish
"{C70C0EE6-4A66-0442-0EE4-F8A6BBFF8956}" = Catalyst Control Center Localization Finnish
"{C73AA7F7-0ACA-327B-B15F-B5199F44CBBF}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D9534EEA-F733-F153-BA56-8B0ACDAD827D}" = CCC Help Norwegian
"{DC137490-B154-9DAE-DC95-3C6A9E3BE802}" = Catalyst Control Center Localization Norwegian
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{DE62F674-72FA-841A-10BD-2FC04844BB07}" = Catalyst Control Center Localization Chinese Traditional
"{DF320EE9-D279-0B91-A036-7707D653672A}" = Catalyst Control Center Core Implementation
"{E23131B3-2465-9263-CCFF-E40C52B5AAF0}" = CCC Help Danish
"{ECE1EE17-9068-A1ED-BEAE-26F54EF14F83}" = ATI Catalyst Install Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B97782-A1EE-4292-D3A1-6413144FF450}" = Catalyst Control Center Localization Portuguese
"{FAE73242-6582-B839-0E5C-199AE2B72C40}" = CCC Help Chinese Traditional
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Finale 2007" = Finale 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mutation Surveyor(Local_V3.25)" = Mutation Surveyor(Local_V3.25)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player 1.1.11
"vLite_is1" = vLite
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.08.2012 09:03:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.08.2012 15:20:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.08.2012 01:27:51 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.08.2012 03:19:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2012 03:25:39 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.08.2012 15:52:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.08.2012 02:52:14 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.08.2012 12:12:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.08.2012 17:42:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.08.2012 02:18:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 01.09.2012 18:45:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.09.2012 18:49:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.09.2012 20:04:05 | Computer Name = ***-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 01.09.2012 20:05:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.09.2012 20:05:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.09.2012 20:05:50 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 01.09.2012 20:05:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 01.09.2012 20:05:57 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 01.09.2012 20:06:00 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 01.09.2012 20:21:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Gute Nacht allerseits

juxfux · 02.09.2012, 11:35

Da der erste Scan mit Anti-Malware nur ein Quick scan war, habe ich nochmal einen kompletten durchgeführt und siehe da: Eine weitere Datei entdeckt.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

02.09.2012 11:19:47
mbam-log-2012-09-02 (11-19-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326618
Laufzeit: 59 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Users\***\Downloads\coretemp_rc3_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Habe dazu noch die Dateien von OTL im Anhang ergänzt, sind allerdings die logfiles , die nach dem quickScan von Anti-Malware entstanden sind. Benötigt ihr nach dem nun ausgeführten kompletten Scan einen weitereren OTL Scan?

Vielen Dank schonmal!

cosinus · 04.09.2012, 16:15

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Im als Administrator geöffneten Browser diesen Link aufrufen => ESET Online Scanner
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

juxfux · 06.09.2012, 01:58

Viele Dank für die Antwort, hier das ESET Logfile:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a5811b2a176a46418840a177e9370c50
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 11:56:47
# local_time=2012-09-06 01:56:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16774142 0 32 19612111 22973263 0 0
# compatibility_mode=5892 16776573 100 100 134181 184407849 0 0
# compatibility_mode=8192 67108863 100 0 308 308 0 0
# scanned=144795
# found=1
# cleaned=0
# scan_time=14286
C:\Users\***\AppData\Local\Microsoft\Windows\1732\wfapigp.exe	a variant of Win32/Kryptik.ALHI trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 06.09.2012, 14:43

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

juxfux · 06.09.2012, 20:17

Das Ergebnis der adwCleaner Prüfung:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/06/2012 um 21:15:01 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ***- ***-PC
# Normaler Modus : Normal
# Ausgeführt unter : D:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xqklhhva.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1799 octets] - [06/09/2012 21:15:01]

########## EOF - C:\AdwCleaner[R1].txt - [1859 octets] ##########

cosinus · 06.09.2012, 21:36

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

juxfux · 07.09.2012, 05:48

So, nun das Ergebnis der Löschaktion von AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.000 - Datei am 09/07/2012 um 06:42:27 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : ***- ***-PC
# Normaler Modus : Normal
# Ausgeführt unter : D:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xqklhhva.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1928 octets] - [06/09/2012 21:15:01]
AdwCleaner[R2].txt - [1988 octets] - [06/09/2012 21:18:48]
AdwCleaner[R3].txt - [2048 octets] - [06/09/2012 21:51:18]
AdwCleaner[S1].txt - [2424 octets] - [07/09/2012 06:42:27]

########## EOF - C:\AdwCleaner[S1].txt - [2484 octets] ##########

cosinus · 07.09.2012, 11:43

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

juxfux · 07.09.2012, 12:22

Der normale Modus geht problemlos (seit der Entfernung der 3 Funde aus dem ersten Post mit Anti-Antimalware).
Den Fund aus ESET habe ich aber wie angewiesen noch NICHT entfernt.
Ob Einträge im Startmenü fehlen kann ich erst heute Abend nachschauen, da ich zurzeit nicht am betroffenen Rechner bin. Sollte den etwas fehlen?

Zitat:

Zitat von juxfux

Der normale Modus geht problemlos (seit der Entfernung der 3 Funde aus dem ersten Post mit Anti-Antimalware).
Den Fund aus ESET habe ich aber wie angewiesen noch NICHT entfernt.
Ob Einträge im Startmenü fehlen kann ich erst heute Abend nachschauen, da ich zurzeit nicht am betroffenen Rechner bin. Sollte den etwas fehlen?

So, habe nachgeschaut und festgestellt, dass alle Einträge im Startmenü noch vorhanden sind.

juxfux · 08.09.2012, 14:53

So, habe nachgeschaut und festgestellt, dass alle Einträge im Startmenü noch vorhanden sind.

juxfux · 10.09.2012, 11:53

Hallo cosinus,

wollte mal fragen ob ich mit meiner Kur schon am Ende bin oder wie ich weiter vorgehen sollte.

Außerdem noch ein paar Fragen:
Ist der Rechner noch "ansteckend"?
Kann ich den Fund aus ESET löschen lassen?
Befällt das Virus nur Systemdateien oder auch "persönliches"?

Vielen Dank schonmal!

juxfux · 10.09.2012, 22:25

Code:

ATTFilter

23:21:37.0216 2140  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:21:37.0778 2140  ============================================================
23:21:37.0778 2140  Current date / time: 2012/09/10 23:21:37.0778
23:21:37.0778 2140  SystemInfo:
23:21:37.0778 2140  
23:21:37.0778 2140  OS Version: 6.0.6002 ServicePack: 2.0
23:21:37.0778 2140  Product type: Workstation
23:21:37.0778 2140  ComputerName: FRIEDERIKE-PC
23:21:37.0778 2140  UserName: Friederike
23:21:37.0778 2140  Windows directory: C:\Windows
23:21:37.0778 2140  System windows directory: C:\Windows
23:21:37.0778 2140  Processor architecture: Intel x86
23:21:37.0778 2140  Number of processors: 2
23:21:37.0778 2140  Page size: 0x1000
23:21:37.0778 2140  Boot type: Normal boot
23:21:37.0778 2140  ============================================================
23:21:40.0258 2140  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:21:40.0274 2140  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:21:40.0305 2140  ============================================================
23:21:40.0305 2140  \Device\Harddisk0\DR0:
23:21:40.0305 2140  MBR partitions:
23:21:40.0305 2140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x11D63800
23:21:40.0305 2140  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x136C8000, BlocksNum 0x11666000
23:21:40.0305 2140  \Device\Harddisk1\DR1:
23:21:40.0305 2140  MBR partitions:
23:21:40.0305 2140  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:21:40.0305 2140  ============================================================
23:21:40.0352 2140  C: <-> \Device\Harddisk0\DR0\Partition1
23:21:40.0414 2140  D: <-> \Device\Harddisk0\DR0\Partition2
23:21:40.0430 2140  F: <-> \Device\Harddisk1\DR1\Partition1
23:21:40.0445 2140  ============================================================
23:21:40.0445 2140  Initialize success
23:21:40.0445 2140  ============================================================
23:22:00.0881 3568  ============================================================
23:22:00.0881 3568  Scan started
23:22:00.0881 3568  Mode: Manual; SigCheck; TDLFS; 
23:22:00.0881 3568  ============================================================
23:22:01.0349 3568  ================ Scan system memory ========================
23:22:01.0349 3568  System memory - ok
23:22:01.0365 3568  ================ Scan services =============================
23:22:01.0646 3568  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:22:02.0207 3568  ACPI - ok
23:22:02.0363 3568  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:22:02.0426 3568  AdobeARMservice - ok
23:22:02.0488 3568  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:22:02.0551 3568  AdobeFlashPlayerUpdateSvc - ok
23:22:02.0660 3568  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:22:02.0769 3568  adp94xx - ok
23:22:02.0816 3568  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:22:02.0909 3568  adpahci - ok
23:22:02.0956 3568  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:22:03.0019 3568  adpu160m - ok
23:22:03.0065 3568  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:22:03.0128 3568  adpu320 - ok
23:22:03.0237 3568  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:22:03.0362 3568  AeLookupSvc - ok
23:22:03.0440 3568  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
23:22:03.0549 3568  AFD - ok
23:22:03.0596 3568  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:22:03.0658 3568  agp440 - ok
23:22:03.0705 3568  [ 9879FF9F6A04D660BC245788E1881B00 ] ahcix86s        C:\Windows\system32\DRIVERS\ahcix86s.sys
23:22:03.0799 3568  ahcix86s - ok
23:22:03.0845 3568  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:22:03.0908 3568  aic78xx - ok
23:22:03.0939 3568  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
23:22:04.0079 3568  ALG - ok
23:22:04.0111 3568  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:22:04.0173 3568  aliide - ok
23:22:04.0251 3568  ALSysIO - ok
23:22:04.0282 3568  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:22:04.0345 3568  amdagp - ok
23:22:04.0391 3568  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:22:04.0454 3568  amdide - ok
23:22:04.0485 3568  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:22:04.0610 3568  AmdK7 - ok
23:22:04.0735 3568  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:22:04.0859 3568  AmdK8 - ok
23:22:04.0922 3568  [ 0ED1A5B7A8AE5939A92EA1EC39E16D21 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
23:22:04.0984 3568  ApfiltrService - ok
23:22:05.0047 3568  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
23:22:05.0125 3568  Appinfo - ok
23:22:05.0156 3568  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
23:22:05.0218 3568  arc - ok
23:22:05.0281 3568  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:22:05.0327 3568  arcsas - ok
23:22:05.0390 3568  [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
23:22:05.0437 3568  aswFsBlk - ok
23:22:05.0483 3568  [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
23:22:05.0530 3568  aswMonFlt - ok
23:22:05.0561 3568  [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
23:22:05.0624 3568  AswRdr - ok
23:22:05.0686 3568  [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
23:22:05.0858 3568  aswSnx - ok
23:22:05.0905 3568  [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
23:22:05.0998 3568  aswSP - ok
23:22:06.0029 3568  [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
23:22:06.0092 3568  aswTdi - ok
23:22:06.0123 3568  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:22:06.0248 3568  AsyncMac - ok
23:22:06.0295 3568  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:22:06.0357 3568  atapi - ok
23:22:06.0419 3568  [ F4B36684811CA991AA2385CB963CA56B ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
23:22:06.0544 3568  Ati External Event Utility - ok
23:22:06.0794 3568  [ D4129EDF159A9B352BB0D3E5CE0DAC04 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:22:07.0199 3568  atikmdag - ok
23:22:07.0262 3568  [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
23:22:07.0309 3568  AtiPcie - ok
23:22:07.0371 3568  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:22:07.0496 3568  AudioEndpointBuilder - ok
23:22:07.0511 3568  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:22:07.0621 3568  Audiosrv - ok
23:22:07.0699 3568  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:22:07.0745 3568  avast! Antivirus - ok
23:22:07.0808 3568  [ 7D0F2BFA273831124FA08526AF48AF18 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:22:07.0901 3568  b57nd60x - ok
23:22:07.0979 3568  [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
23:22:08.0135 3568  BCM43XX - ok
23:22:08.0167 3568  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:22:08.0307 3568  Beep - ok
23:22:08.0385 3568  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
23:22:08.0541 3568  BFE - ok
23:22:08.0619 3568  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
23:22:08.0806 3568  BITS - ok
23:22:08.0837 3568  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:22:08.0947 3568  blbdrive - ok
23:22:08.0993 3568  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:22:09.0056 3568  bowser - ok
23:22:09.0103 3568  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:22:09.0196 3568  BrFiltLo - ok
23:22:09.0243 3568  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:22:09.0337 3568  BrFiltUp - ok
23:22:09.0383 3568  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
23:22:09.0508 3568  Browser - ok
23:22:09.0539 3568  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:22:09.0773 3568  Brserid - ok
23:22:09.0805 3568  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:22:10.0007 3568  BrSerWdm - ok
23:22:10.0039 3568  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:22:10.0257 3568  BrUsbMdm - ok
23:22:10.0304 3568  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:22:10.0522 3568  BrUsbSer - ok
23:22:10.0553 3568  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:22:10.0772 3568  BTHMODEM - ok
23:22:10.0834 3568  [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
23:22:10.0850 3568  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
23:22:10.0850 3568  BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
23:22:10.0912 3568  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:22:11.0037 3568  cdfs - ok
23:22:11.0084 3568  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:22:11.0177 3568  cdrom - ok
23:22:11.0240 3568  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:22:11.0365 3568  CertPropSvc - ok
23:22:11.0396 3568  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:22:11.0521 3568  circlass - ok
23:22:11.0567 3568  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
23:22:11.0661 3568  CLFS - ok
23:22:11.0770 3568  [ 1A05E1AF359D8E961279F1EEA30A91EE ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
23:22:11.0817 3568  CLHNService - ok
23:22:11.0895 3568  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:22:11.0957 3568  clr_optimization_v2.0.50727_32 - ok
23:22:12.0051 3568  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:22:12.0129 3568  clr_optimization_v4.0.30319_32 - ok
23:22:12.0160 3568  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:22:12.0285 3568  CmBatt - ok
23:22:12.0316 3568  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:22:12.0379 3568  cmdide - ok
23:22:12.0410 3568  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:22:12.0472 3568  Compbatt - ok
23:22:12.0488 3568  COMSysApp - ok
23:22:12.0519 3568  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:22:12.0566 3568  crcdisk - ok
23:22:12.0597 3568  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:22:12.0722 3568  Crusoe - ok
23:22:12.0784 3568  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:22:12.0878 3568  CryptSvc - ok
23:22:12.0956 3568  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:22:13.0127 3568  DcomLaunch - ok
23:22:13.0174 3568  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:22:13.0237 3568  DfsC - ok
23:22:13.0377 3568  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
23:22:13.0642 3568  DFSR - ok
23:22:13.0689 3568  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:22:13.0814 3568  Dhcp - ok
23:22:13.0876 3568  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
23:22:13.0923 3568  disk - ok
23:22:14.0001 3568  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
23:22:14.0063 3568  DKbFltr - ok
23:22:14.0110 3568  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:22:14.0188 3568  Dnscache - ok
23:22:14.0235 3568  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:22:14.0344 3568  dot3svc - ok
23:22:14.0407 3568  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
23:22:14.0531 3568  DPS - ok
23:22:14.0594 3568  [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO    C:\PROGRA~1\LAUNCH~1\DPortIO.sys
23:22:14.0641 3568  DritekPortIO - ok
23:22:14.0687 3568  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:22:14.0781 3568  drmkaud - ok
23:22:14.0843 3568  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:22:14.0968 3568  DXGKrnl - ok
23:22:15.0015 3568  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:22:15.0140 3568  E1G60 - ok
23:22:15.0233 3568  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
23:22:15.0327 3568  EapHost - ok
23:22:15.0389 3568  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:22:15.0467 3568  Ecache - ok
23:22:15.0561 3568  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
23:22:15.0670 3568  eDataSecurity Service - ok
23:22:15.0733 3568  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:22:15.0811 3568  ehRecvr - ok
23:22:15.0842 3568  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
23:22:15.0904 3568  ehSched - ok
23:22:15.0935 3568  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
23:22:15.0998 3568  ehstart - ok
23:22:16.0076 3568  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:22:16.0169 3568  elxstor - ok
23:22:16.0232 3568  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:22:16.0357 3568  EMDMgmt - ok
23:22:16.0403 3568  [ 6C74035909B31F873D85B25E00BEB984 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
23:22:16.0466 3568  enecir - ok
23:22:16.0497 3568  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:22:16.0622 3568  ErrDev - ok
23:22:16.0700 3568  [ A51FD9DF23720485991F56741BBEFCFB ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
23:22:16.0731 3568  ETService ( UnsignedFile.Multi.Generic ) - warning
23:22:16.0731 3568  ETService - detected UnsignedFile.Multi.Generic (1)
23:22:16.0809 3568  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
23:22:16.0918 3568  EventSystem - ok
23:22:16.0965 3568  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
23:22:17.0043 3568  exfat - ok
23:22:17.0090 3568  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:22:17.0183 3568  fastfat - ok
23:22:17.0230 3568  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:22:17.0355 3568  fdc - ok
23:22:17.0402 3568  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:22:17.0511 3568  fdPHost - ok
23:22:17.0542 3568  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:22:17.0776 3568  FDResPub - ok
23:22:17.0839 3568  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:22:17.0901 3568  FileInfo - ok
23:22:17.0932 3568  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:22:18.0057 3568  Filetrace - ok
23:22:18.0088 3568  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:22:18.0213 3568  flpydisk - ok
23:22:18.0244 3568  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:22:18.0322 3568  FltMgr - ok
23:22:18.0416 3568  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
23:22:18.0525 3568  FontCache - ok
23:22:18.0587 3568  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:22:18.0634 3568  FontCache3.0.0.0 - ok
23:22:18.0681 3568  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:22:18.0743 3568  Fs_Rec - ok
23:22:18.0790 3568  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:22:18.0837 3568  gagp30kx - ok
23:22:18.0899 3568  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:22:19.0040 3568  gpsvc - ok
23:22:19.0087 3568  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:22:19.0321 3568  HdAudAddService - ok
23:22:19.0383 3568  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:22:19.0539 3568  HDAudBus - ok
23:22:19.0570 3568  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:22:19.0773 3568  HidBth - ok
23:22:19.0929 3568  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:22:20.0007 3568  HidIr - ok
23:22:20.0054 3568  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
23:22:20.0147 3568  hidserv - ok
23:22:20.0179 3568  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:22:20.0288 3568  HidUsb - ok
23:22:20.0335 3568  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:22:20.0475 3568  hkmsvc - ok
23:22:20.0522 3568  [ 0573480A26DB723364C65373094CF73C ] HOSTNT          C:\Windows\system32\drivers\HOSTNT.sys
23:22:20.0569 3568  HOSTNT - ok
23:22:20.0600 3568  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:22:20.0662 3568  HpCISSs - ok
23:22:20.0709 3568  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:22:20.0834 3568  HSFHWAZL - ok
23:22:20.0912 3568  [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:22:21.0083 3568  HSF_DPV - ok
23:22:21.0115 3568  [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:22:21.0193 3568  HSXHWAZL - ok
23:22:21.0271 3568  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:22:21.0380 3568  HTTP - ok
23:22:21.0411 3568  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:22:21.0473 3568  i2omp - ok
23:22:21.0520 3568  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:22:21.0629 3568  i8042prt - ok
23:22:21.0676 3568  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:22:21.0739 3568  iaStorV - ok
23:22:21.0832 3568  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:22:21.0973 3568  idsvc - ok
23:22:22.0019 3568  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:22:22.0066 3568  iirsp - ok
23:22:22.0129 3568  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:22:22.0253 3568  IKEEXT - ok
23:22:22.0300 3568  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Windows\system32\drivers\int15.sys
23:22:22.0347 3568  int15 - ok
23:22:22.0487 3568  [ 3CFA12FEFEA751DAE7B8133A6EF3C0D9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:22:22.0753 3568  IntcAzAudAddService - ok
23:22:22.0799 3568  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:22:22.0862 3568  intelide - ok
23:22:22.0893 3568  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:22:23.0018 3568  intelppm - ok
23:22:23.0080 3568  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:22:23.0205 3568  IPBusEnum - ok
23:22:23.0236 3568  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:22:23.0361 3568  IpFilterDriver - ok
23:22:23.0408 3568  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:22:23.0486 3568  iphlpsvc - ok
23:22:23.0517 3568  IpInIp - ok
23:22:23.0564 3568  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:22:23.0689 3568  IPMIDRV - ok
23:22:23.0798 3568  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:22:23.0938 3568  IPNAT - ok
23:22:23.0954 3568  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:22:24.0079 3568  IRENUM - ok
23:22:24.0110 3568  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:22:24.0172 3568  isapnp - ok
23:22:24.0235 3568  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:22:24.0297 3568  iScsiPrt - ok
23:22:24.0344 3568  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:22:24.0391 3568  iteatapi - ok
23:22:24.0422 3568  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:22:24.0469 3568  iteraid - ok
23:22:24.0531 3568  [ FA4A5B32CAE6074205B26971191EFEE4 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
23:22:24.0640 3568  JMCR - ok
23:22:24.0671 3568  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:22:24.0734 3568  kbdclass - ok
23:22:24.0781 3568  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:22:24.0874 3568  kbdhid - ok
23:22:24.0921 3568  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
23:22:24.0999 3568  KeyIso - ok
23:22:25.0077 3568  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:22:25.0171 3568  KSecDD - ok
23:22:25.0233 3568  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:22:25.0405 3568  KtmRm - ok
23:22:25.0436 3568  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:22:25.0545 3568  LanmanServer - ok
23:22:25.0607 3568  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:22:25.0701 3568  LanmanWorkstation - ok
23:22:25.0763 3568  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:22:25.0795 3568  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:22:25.0795 3568  LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:22:25.0841 3568  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:22:25.0966 3568  lltdio - ok
23:22:26.0013 3568  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:22:26.0169 3568  lltdsvc - ok
23:22:26.0216 3568  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:22:26.0419 3568  lmhosts - ok
23:22:26.0497 3568  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:22:26.0559 3568  LSI_FC - ok
23:22:26.0590 3568  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:22:26.0653 3568  LSI_SAS - ok
23:22:26.0699 3568  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:22:26.0762 3568  LSI_SCSI - ok
23:22:26.0809 3568  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
23:22:26.0933 3568  luafv - ok
23:22:26.0980 3568  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:22:27.0043 3568  MBAMProtector - ok
23:22:27.0121 3568  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:22:27.0214 3568  MBAMService - ok
23:22:27.0245 3568  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:22:27.0323 3568  Mcx2Svc - ok
23:22:27.0355 3568  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:22:27.0401 3568  mdmxsdk - ok
23:22:27.0448 3568  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:22:27.0495 3568  megasas - ok
23:22:27.0557 3568  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:22:27.0667 3568  MegaSR - ok
23:22:27.0760 3568  Microsoft SharePoint Workspace Audit Service - ok
23:22:27.0807 3568  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
23:22:27.0947 3568  MMCSS - ok
23:22:27.0979 3568  MobilityService - ok
23:22:28.0025 3568  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
23:22:28.0166 3568  Modem - ok
23:22:28.0197 3568  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:22:28.0306 3568  monitor - ok
23:22:28.0337 3568  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:22:28.0384 3568  mouclass - ok
23:22:28.0415 3568  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:22:28.0540 3568  mouhid - ok
23:22:28.0587 3568  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:22:28.0634 3568  MountMgr - ok
23:22:28.0696 3568  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:22:28.0759 3568  MozillaMaintenance - ok
23:22:28.0821 3568  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:22:28.0883 3568  mpio - ok
23:22:28.0915 3568  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:22:29.0024 3568  mpsdrv - ok
23:22:29.0086 3568  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:22:29.0242 3568  MpsSvc - ok
23:22:29.0273 3568  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:22:29.0336 3568  Mraid35x - ok
23:22:29.0383 3568  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:22:29.0461 3568  MRxDAV - ok
23:22:29.0507 3568  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:22:29.0570 3568  mrxsmb - ok
23:22:29.0617 3568  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:22:29.0741 3568  mrxsmb10 - ok
23:22:29.0788 3568  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:22:29.0866 3568  mrxsmb20 - ok
23:22:29.0913 3568  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
23:22:29.0975 3568  msahci - ok
23:22:30.0022 3568  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:22:30.0085 3568  msdsm - ok
23:22:30.0116 3568  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
23:22:30.0256 3568  MSDTC - ok
23:22:30.0303 3568  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:22:30.0428 3568  Msfs - ok
23:22:30.0459 3568  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:22:30.0521 3568  msisadrv - ok
23:22:30.0568 3568  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:22:30.0709 3568  MSiSCSI - ok
23:22:30.0724 3568  msiserver - ok
23:22:30.0755 3568  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:22:30.0880 3568  MSKSSRV - ok
23:22:30.0911 3568  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:22:31.0036 3568  MSPCLOCK - ok
23:22:31.0052 3568  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:22:31.0161 3568  MSPQM - ok
23:22:31.0208 3568  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:22:31.0286 3568  MsRPC - ok
23:22:31.0333 3568  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:22:31.0379 3568  mssmbios - ok
23:22:31.0426 3568  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:22:31.0551 3568  MSTEE - ok
23:22:31.0567 3568  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
23:22:31.0629 3568  Mup - ok
23:22:31.0676 3568  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
23:22:31.0816 3568  napagent - ok
23:22:31.0863 3568  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:22:31.0941 3568  NativeWifiP - ok
23:22:32.0050 3568  [ EF4DE77AE8FD4D492C419CA709930B74 ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
23:22:32.0175 3568  NBService - ok
23:22:32.0237 3568  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:22:32.0347 3568  NDIS - ok
23:22:32.0378 3568  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:22:32.0487 3568  NdisTapi - ok
23:22:32.0518 3568  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:22:32.0627 3568  Ndisuio - ok
23:22:32.0690 3568  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:22:32.0768 3568  NdisWan - ok
23:22:32.0799 3568  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:22:32.0893 3568  NDProxy - ok
23:22:32.0924 3568  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:22:33.0049 3568  NetBIOS - ok
23:22:33.0111 3568  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
23:22:33.0220 3568  netbt - ok
23:22:33.0236 3568  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
23:22:33.0298 3568  Netlogon - ok
23:22:33.0345 3568  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
23:22:33.0517 3568  Netman - ok
23:22:33.0548 3568  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
23:22:33.0688 3568  netprofm - ok
23:22:33.0735 3568  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:22:33.0797 3568  NetTcpPortSharing - ok
23:22:33.0844 3568  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:22:33.0891 3568  nfrd960 - ok
23:22:33.0938 3568  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:22:34.0078 3568  NlaSvc - ok
23:22:34.0172 3568  [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
23:22:34.0234 3568  NMIndexingService - ok
23:22:34.0281 3568  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:22:34.0390 3568  Npfs - ok
23:22:34.0421 3568  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
23:22:34.0546 3568  nsi - ok
23:22:34.0577 3568  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:22:34.0702 3568  nsiproxy - ok
23:22:34.0811 3568  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:22:35.0014 3568  Ntfs - ok
23:22:35.0061 3568  [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
23:22:35.0092 3568  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
23:22:35.0092 3568  NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
23:22:35.0155 3568  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:22:35.0201 3568  NTIDrvr - ok
23:22:35.0248 3568  [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
23:22:35.0295 3568  NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
23:22:35.0295 3568  NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
23:22:35.0326 3568  [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
23:22:35.0373 3568  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
23:22:35.0373 3568  NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
23:22:35.0404 3568  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
23:22:35.0607 3568  ntrigdigi - ok
23:22:35.0701 3568  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
23:22:35.0810 3568  Null - ok
23:22:35.0841 3568  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:22:35.0903 3568  nvraid - ok
23:22:35.0950 3568  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:22:35.0997 3568  nvstor - ok
23:22:36.0044 3568  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:22:36.0106 3568  nv_agp - ok
23:22:36.0122 3568  NwlnkFlt - ok
23:22:36.0153 3568  NwlnkFwd - ok
23:22:36.0200 3568  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:22:36.0403 3568  ohci1394 - ok
23:22:36.0481 3568  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:22:36.0527 3568  ose - ok
23:22:36.0793 3568  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:22:37.0276 3568  osppsvc - ok
23:22:37.0354 3568  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:22:37.0510 3568  p2pimsvc - ok
23:22:37.0541 3568  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:22:37.0651 3568  p2psvc - ok
23:22:37.0682 3568  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
23:22:37.0900 3568  Parport - ok
23:22:37.0931 3568  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:22:37.0994 3568  partmgr - ok
23:22:38.0025 3568  Partner Service - ok
23:22:38.0056 3568  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:22:38.0275 3568  Parvdm - ok
23:22:38.0321 3568  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:22:38.0415 3568  PcaSvc - ok
23:22:38.0446 3568  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
23:22:38.0509 3568  pci - ok
23:22:38.0540 3568  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
23:22:38.0602 3568  pciide - ok
23:22:38.0633 3568  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:22:38.0696 3568  pcmcia - ok
23:22:38.0774 3568  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:22:39.0055 3568  PEAUTH - ok
23:22:39.0242 3568  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
23:22:39.0476 3568  pla - ok
23:22:39.0538 3568  [ D597E8D5C35CC41D76DE5DD6EDA2AFA1 ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
23:22:39.0585 3568  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
23:22:39.0585 3568  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
23:22:39.0647 3568  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:22:39.0772 3568  PlugPlay - ok
23:22:39.0835 3568  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
23:22:39.0928 3568  PNRPAutoReg - ok
23:22:39.0991 3568  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
23:22:40.0115 3568  PNRPsvc - ok
23:22:40.0162 3568  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:22:40.0334 3568  PolicyAgent - ok
23:22:40.0381 3568  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:22:40.0505 3568  PptpMiniport - ok
23:22:40.0537 3568  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:22:40.0646 3568  Processor - ok
23:22:40.0693 3568  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:22:40.0802 3568  ProfSvc - ok
23:22:40.0833 3568  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:22:40.0895 3568  ProtectedStorage - ok
23:22:40.0942 3568  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:22:41.0036 3568  PSched - ok
23:22:41.0067 3568  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
23:22:41.0129 3568  PSDFilter - ok
23:22:41.0176 3568  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
23:22:41.0239 3568  PSDNServ - ok
23:22:41.0270 3568  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
23:22:41.0317 3568  psdvdisk - ok
23:22:41.0410 3568  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:22:41.0582 3568  ql2300 - ok
23:22:41.0629 3568  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:22:41.0691 3568  ql40xx - ok
23:22:41.0722 3568  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
23:22:41.0816 3568  QWAVE - ok
23:22:41.0847 3568  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:22:41.0909 3568  QWAVEdrv - ok
23:22:41.0941 3568  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:22:42.0050 3568  RasAcd - ok
23:22:42.0097 3568  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
23:22:42.0237 3568  RasAuto - ok
23:22:42.0268 3568  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:22:42.0409 3568  Rasl2tp - ok
23:22:42.0455 3568  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
23:22:42.0596 3568  RasMan - ok
23:22:42.0643 3568  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:22:42.0736 3568  RasPppoe - ok
23:22:42.0799 3568  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:22:42.0845 3568  RasSstp - ok
23:22:42.0892 3568  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:22:43.0001 3568  rdbss - ok
23:22:43.0048 3568  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:22:43.0173 3568  RDPCDD - ok
23:22:43.0313 3568  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
23:22:43.0438 3568  rdpdr - ok
23:22:43.0469 3568  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:22:43.0579 3568  RDPENCDD - ok
23:22:43.0641 3568  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:22:43.0719 3568  RDPWD - ok
23:22:43.0766 3568  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:22:43.0891 3568  RemoteAccess - ok
23:22:43.0953 3568  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:22:44.0062 3568  RemoteRegistry - ok
23:22:44.0109 3568  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
23:22:44.0187 3568  RpcLocator - ok
23:22:44.0234 3568  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
23:22:44.0359 3568  RpcSs - ok
23:22:44.0405 3568  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:22:44.0546 3568  rspndr - ok
23:22:44.0593 3568  [ C853AE16CCF5033C0CBA0855390F5C7F ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
23:22:44.0655 3568  RTHDMIAzAudService - ok
23:22:44.0671 3568  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
23:22:44.0733 3568  SamSs - ok
23:22:44.0780 3568  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:22:44.0827 3568  sbp2port - ok
23:22:44.0873 3568  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:22:44.0983 3568  SCardSvr - ok
23:22:45.0045 3568  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
23:22:45.0217 3568  Schedule - ok
23:22:45.0248 3568  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:22:45.0341 3568  SCPolicySvc - ok
23:22:45.0388 3568  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:22:45.0482 3568  SDRSVC - ok
23:22:45.0513 3568  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:22:45.0731 3568  secdrv - ok
23:22:45.0763 3568  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
23:22:45.0887 3568  seclogon - ok
23:22:45.0934 3568  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
23:22:46.0059 3568  SENS - ok
23:22:46.0090 3568  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:22:46.0293 3568  Serenum - ok
23:22:46.0355 3568  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
23:22:46.0558 3568  Serial - ok
23:22:46.0589 3568  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:22:46.0714 3568  sermouse - ok
23:22:46.0792 3568  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:22:46.0917 3568  SessionEnv - ok
23:22:46.0948 3568  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:22:47.0026 3568  sffdisk - ok
23:22:47.0057 3568  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:22:47.0198 3568  sffp_mmc - ok
23:22:47.0213 3568  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:22:47.0338 3568  sffp_sd - ok
23:22:47.0354 3568  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:22:47.0588 3568  sfloppy - ok
23:22:47.0650 3568  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:22:47.0791 3568  SharedAccess - ok
23:22:47.0853 3568  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:22:47.0947 3568  ShellHWDetection - ok
23:22:47.0978 3568  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:22:48.0040 3568  sisagp - ok
23:22:48.0071 3568  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:22:48.0134 3568  SiSRaid2 - ok
23:22:48.0165 3568  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:22:48.0227 3568  SiSRaid4 - ok
23:22:48.0430 3568  [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:22:48.0773 3568  Skype C2C Service - ok
23:22:48.0851 3568  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:22:48.0898 3568  SkypeUpdate - ok
23:22:49.0101 3568  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
23:22:49.0507 3568  slsvc - ok
23:22:49.0553 3568  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:22:49.0663 3568  SLUINotify - ok
23:22:49.0709 3568  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:22:49.0834 3568  Smb - ok
23:22:49.0897 3568  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:22:49.0990 3568  SNMPTRAP - ok
23:22:50.0021 3568  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
23:22:50.0084 3568  spldr - ok
23:22:50.0131 3568  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
23:22:50.0224 3568  Spooler - ok
23:22:50.0287 3568  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:22:50.0380 3568  srv - ok
23:22:50.0443 3568  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:22:50.0521 3568  srv2 - ok
23:22:50.0552 3568  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:22:50.0614 3568  srvnet - ok
23:22:50.0677 3568  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:22:50.0833 3568  SSDPSRV - ok
23:22:50.0879 3568  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:22:50.0957 3568  SstpSvc - ok
23:22:51.0035 3568  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
23:22:51.0207 3568  stisvc - ok
23:22:51.0254 3568  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:22:51.0316 3568  swenum - ok
23:22:51.0379 3568  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
23:22:51.0503 3568  swprv - ok
23:22:51.0535 3568  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:22:51.0581 3568  Symc8xx - ok
23:22:51.0613 3568  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:22:51.0675 3568  Sym_hi - ok
23:22:51.0706 3568  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:22:51.0753 3568  Sym_u3 - ok
23:22:51.0815 3568  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
23:22:51.0971 3568  SysMain - ok
23:22:52.0018 3568  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:22:52.0127 3568  TabletInputService - ok
23:22:52.0159 3568  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:22:52.0299 3568  TapiSrv - ok
23:22:52.0346 3568  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
23:22:52.0502 3568  TBS - ok
23:22:52.0580 3568  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:22:52.0736 3568  Tcpip - ok
23:22:52.0814 3568  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:22:52.0970 3568  Tcpip6 - ok
23:22:53.0017 3568  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:22:53.0079 3568  tcpipreg - ok
23:22:53.0126 3568  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:22:53.0251 3568  TDPIPE - ok
23:22:53.0375 3568  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:22:53.0485 3568  TDTCP - ok
23:22:53.0516 3568  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:22:53.0625 3568  tdx - ok
23:22:53.0672 3568  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:22:53.0734 3568  TermDD - ok
23:22:53.0781 3568  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
23:22:53.0921 3568  TermService - ok
23:22:53.0968 3568  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
23:22:54.0046 3568  Themes - ok
23:22:54.0077 3568  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
23:22:54.0202 3568  THREADORDER - ok
23:22:54.0249 3568  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
23:22:54.0405 3568  TrkWks - ok
23:22:54.0467 3568  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:22:54.0545 3568  TrustedInstaller - ok
23:22:54.0608 3568  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:22:54.0733 3568  tssecsrv - ok
23:22:54.0764 3568  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:22:54.0826 3568  tunmp - ok
23:22:54.0873 3568  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:22:54.0935 3568  tunnel - ok
23:22:54.0982 3568  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:22:55.0045 3568  uagp35 - ok
23:22:55.0091 3568  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:22:55.0154 3568  UBHelper - ok
23:22:55.0216 3568  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:22:55.0325 3568  udfs - ok
23:22:55.0388 3568  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:22:55.0528 3568  UI0Detect - ok
23:22:55.0559 3568  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:22:55.0622 3568  uliagpkx - ok
23:22:55.0669 3568  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:22:55.0747 3568  uliahci - ok
23:22:55.0778 3568  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:22:55.0840 3568  UlSata - ok
23:22:55.0871 3568  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:22:55.0934 3568  ulsata2 - ok
23:22:55.0981 3568  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:22:56.0090 3568  umbus - ok
23:22:56.0137 3568  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
23:22:56.0293 3568  upnphost - ok
23:22:56.0371 3568  [ 93CCCF9D7495A071F9E1C6E6A7C51851 ] UsbC            C:\Windows\system32\Drivers\rcusbwdm.sys
23:22:56.0417 3568  UsbC - ok
23:22:56.0464 3568  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:22:56.0558 3568  usbccgp - ok
23:22:56.0589 3568  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:22:56.0792 3568  usbcir - ok
23:22:56.0854 3568  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:22:56.0948 3568  usbehci - ok
23:22:57.0010 3568  [ EDCA5124B54BCF04E5C0538AA397A9C1 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
23:22:57.0057 3568  usbfilter - ok
23:22:57.0088 3568  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:22:57.0197 3568  usbhub - ok
23:22:57.0213 3568  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:22:57.0307 3568  usbohci - ok
23:22:57.0353 3568  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:22:57.0463 3568  usbprint - ok
23:22:57.0509 3568  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:22:57.0587 3568  usbscan - ok
23:22:57.0634 3568  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:22:57.0712 3568  USBSTOR - ok
23:22:57.0759 3568  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:22:57.0853 3568  usbuhci - ok
23:22:57.0899 3568  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:22:58.0024 3568  usbvideo - ok
23:22:58.0071 3568  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
23:22:58.0211 3568  UxSms - ok
23:22:58.0258 3568  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
23:22:58.0445 3568  vds - ok
23:22:58.0477 3568  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:22:58.0601 3568  vga - ok
23:22:58.0633 3568  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:22:58.0757 3568  VgaSave - ok
23:22:58.0789 3568  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:22:58.0851 3568  viaagp - ok
23:22:58.0882 3568  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:22:58.0991 3568  ViaC7 - ok
23:22:59.0023 3568  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
23:22:59.0085 3568  viaide - ok
23:22:59.0116 3568  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:22:59.0179 3568  volmgr - ok
23:22:59.0225 3568  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:22:59.0319 3568  volmgrx - ok
23:22:59.0366 3568  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:22:59.0444 3568  volsnap - ok
23:22:59.0491 3568  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:22:59.0569 3568  vsmraid - ok
23:22:59.0647 3568  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
23:22:59.0865 3568  VSS - ok
23:22:59.0896 3568  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
23:23:00.0037 3568  W32Time - ok
23:23:00.0099 3568  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:23:00.0333 3568  WacomPen - ok
23:23:00.0364 3568  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:23:00.0458 3568  Wanarp - ok
23:23:00.0473 3568  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:23:00.0567 3568  Wanarpv6 - ok
23:23:00.0614 3568  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:23:00.0723 3568  wcncsvc - ok
23:23:00.0770 3568  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:23:00.0879 3568  WcsPlugInService - ok
23:23:00.0910 3568  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
23:23:00.0973 3568  Wd - ok
23:23:01.0035 3568  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:23:01.0144 3568  Wdf01000 - ok
23:23:01.0160 3568  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:23:01.0316 3568  WdiServiceHost - ok
23:23:01.0331 3568  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:23:01.0456 3568  WdiSystemHost - ok
23:23:01.0534 3568  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
23:23:01.0643 3568  WebClient - ok
23:23:01.0690 3568  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:23:01.0784 3568  Wecsvc - ok
23:23:01.0799 3568  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:23:01.0924 3568  wercplsupport - ok
23:23:01.0971 3568  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:23:02.0096 3568  WerSvc - ok
23:23:02.0158 3568  [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:23:02.0314 3568  winachsf - ok
23:23:02.0377 3568  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:23:02.0470 3568  WinDefend - ok
23:23:02.0486 3568  WinHttpAutoProxySvc - ok
23:23:02.0564 3568  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:23:02.0657 3568  Winmgmt - ok
23:23:02.0751 3568  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:23:02.0969 3568  WinRM - ok
23:23:03.0063 3568  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:23:03.0203 3568  Wlansvc - ok
23:23:03.0250 3568  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:23:03.0344 3568  WmiAcpi - ok
23:23:03.0406 3568  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:23:03.0515 3568  wmiApSrv - ok
23:23:03.0593 3568  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:23:03.0734 3568  WMPNetworkSvc - ok
23:23:03.0781 3568  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:23:03.0890 3568  WPCSvc - ok
23:23:03.0952 3568  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:23:04.0077 3568  WPDBusEnum - ok
23:23:04.0186 3568  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:23:04.0311 3568  WPFFontCache_v0400 - ok
23:23:04.0342 3568  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:23:04.0467 3568  ws2ifsl - ok
23:23:04.0514 3568  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
23:23:04.0623 3568  wscsvc - ok
23:23:04.0639 3568  WSearch - ok
23:23:04.0795 3568  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:23:05.0091 3568  wuauserv - ok
23:23:05.0169 3568  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:23:05.0294 3568  WUDFRd - ok
23:23:05.0341 3568  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:23:05.0481 3568  wudfsvc - ok
23:23:05.0497 3568  [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
23:23:05.0559 3568  XAudio - ok
23:23:05.0606 3568  [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
23:23:05.0731 3568  XAudioService - ok
23:23:05.0824 3568  [ 74EC37B9EAF9FCA015B933A526825C7A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
23:23:05.0871 3568  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
23:23:05.0902 3568  ================ Scan global ===============================
23:23:05.0949 3568  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:23:05.0996 3568  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:23:06.0074 3568  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:23:06.0136 3568  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:23:06.0167 3568  [Global] - ok
23:23:06.0167 3568  ================ Scan MBR ==================================
23:23:06.0183 3568  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
23:23:09.0100 3568  \Device\Harddisk0\DR0 - ok
23:23:09.0116 3568  [ 1EBA10880B5D8F9F0D30673B83DA68B9 ] \Device\Harddisk1\DR1
23:23:10.0270 3568  \Device\Harddisk1\DR1 - ok
23:23:10.0270 3568  ================ Scan VBR ==================================
23:23:10.0286 3568  [ 24DFC6FCE69A1961DFA49F6E3B604585 ] \Device\Harddisk0\DR0\Partition1
23:23:10.0301 3568  \Device\Harddisk0\DR0\Partition1 - ok
23:23:10.0364 3568  [ 869B29E8A100A7946EA3BE4E40C99E08 ] \Device\Harddisk0\DR0\Partition2
23:23:10.0364 3568  \Device\Harddisk0\DR0\Partition2 - ok
23:23:10.0379 3568  [ FC24BF15A9BC4FAD323D4589A48D4D83 ] \Device\Harddisk1\DR1\Partition1
23:23:10.0395 3568  \Device\Harddisk1\DR1\Partition1 - ok
23:23:10.0395 3568  ============================================================
23:23:10.0395 3568  Scan finished
23:23:10.0395 3568  ============================================================
23:23:10.0442 2732  Detected object count: 7
23:23:10.0442 2732  Actual detected object count: 7
23:23:34.0481 2732  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0481 2732  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:23:34.0481 2732  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0481 2732  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:23:34.0497 2732  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0497 2732  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:23:34.0497 2732  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0497 2732  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:23:34.0513 2732  NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0513 2732  NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:23:34.0528 2732  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0528 2732  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:23:34.0528 2732  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:23:34.0528 2732  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 10.09.2012, 16:28

War über das WE nicht oft am Rechner!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

07.09.2012, 11:43	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert

Plagegeister aller Art und deren Bekämpfung: Trojaner: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert