Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Meldung: tcbhn wurde beendet und geschlossen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.03.2013, 13:18   #1
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Hallöchen,

ich habe seit mehreren Wochen eine Meldung nachdem ich meinen PC hochgefahren habe.
(tcbhn wurde beendet und geschlossen) Im Forum habe ich diverse Themen gefunden, die das gleiche Problem beschreiben. Da aber von Euch immer darauf hingewiesen wurde, dass man nicht einfach die gleichen Schritte machen soll, habe ich mich hier mal angemeldet. Ich muss ehrlich gestehen, dass ich nicht viel Ahnung habe und würde mich freuen wenn mir jemand helfen kann den unangenehmen Besucher auf meinem PC zu entfernen.

Ich habe mir Malwarebytes Anti-Maleware heruntergeladen und einen vollständigen Suchlauf gestartet (Testversion)

Folgender Bericht kam zustande:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

16.03.2013 09:43:20
MBAM-log-2013-03-17 (02-31-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402300
Laufzeit: 3 Stunde(n), 48 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 23
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 4
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 80
C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\ack.end (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updatebhoWin32.dll_1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix5.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\9319bddf873cd62f8c0abd827cc10a6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\9319bddf873cd62f8c0abd827cc10a6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\93aa59562815aa22d93923c7215ac7f1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\93aa59562815aa22d93923c7215ac7f1_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\47c8e93101435074defa1a58122ad1c7 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\47c8e93101435074defa1a58122ad1c7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\5d5c3541c8187f3a48d4f72f4374009c (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\5d5c3541c8187f3a48d4f72f4374009c_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\6a8ef73701ad78f92631ccabc37a9b58 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\6a8ef73701ad78f92631ccabc37a9b58_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e05508e03bf34762151d9d19fffe93df (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e05508e03bf34762151d9d19fffe93df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)

Ich habe mir aufgrund der anderen Beiträge schon einmal OTL von Oldtimer heruntergeladen. Nun weiß ich aber nicht weiter. Da ich in dem Maleware Programm nichts in Quarantäne schieben konnte und nicht einfach löschen wollte, habe ich das Programm ohne Aktion wieder geschlossen. Oder schiebt er das automatisch irgendwo hin denn heute wurde mir die Meldung nicht mehr angezeigt? Wie gesagt, ich habe wirklich wenig Ahnung und bin etwas hilflos und würde mich über eine Anleitung zur Entfernung des Trojaners sehr freuen.

Ich hoffe, ich habe alle Regeln befolgt und alle benötigten Infos hier reingestellt.

Ich danke für die Hilfe im Voraus!

Liebe Grüße

Alt 18.03.2013, 11:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________

Alt 18.03.2013, 19:43   #3
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Hallo und schon einmal für die schnelle Antwort.

Ich habe mir die Schritte durchgelesen und mir ist alles soweit klar aber leider weiß ich nicht wie ich etwas in Code tags posten kann. Da bräuchte ich nochmal etwas Hilfe. Das Netz gibt da leider nicht so viel her. Ich höre das zum ersten Mal und weiß auch nicht in welcher Datei ich das öffnen muss um den Text in dieses Format zu bringen....

Also würde ich mich sehr über eine Anleitung bzw Link zu einer guten Anleitung freuen.

Vielen Dank schon einmal im Voraus!

Beste Grüße
__________________

Alt 18.03.2013, 22:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.03.2013, 20:18   #5
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Schönen guten Abend,

vielen vielen Dank für die Anleitung.
Ich habe wie beschrieben den Scan bei OTL gestartet und folgendes Ergebnis:


Code:
ATTFilter
OTL logfile created on: 19.03.2013 20:17:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 49,85% Memory free
6,08 Gb Paging File | 4,21 Gb Available in Paging File | 69,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 46,04 Gb Free Space | 31,94% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,06 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe (Blabbers Communications Ltd)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Sarah\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
PRC - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll ()
MOD - C:\Users\Sarah\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocESEmail.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocESUpload.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (s217unic) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5735
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{110B16CF-863C-45D4-9673-7ECE6CDC1CD3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=1BCB5FCB-E699-41B8-BDAB-506DD46049B8&apn_sauid=946EB5CE-37A1-4504-8220-9E4C36218550
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE304
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=FQvUIkiwXkRKLSx0ZQqsMfYceGM?q={searchTerms}
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.14.100013
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.08.02 17:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.23 16:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 11:59:01 | 000,000,000 | ---D | M]
 
[2009.10.16 13:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2013.01.21 17:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\ymu5j2n9.default\extensions
[2010.10.24 11:38:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\ymu5j2n9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.29 07:13:05 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com
[2013.02.17 11:05:38 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\ymu5j2n9.default\extensions\toolbar@ask.com
[2013.01.21 17:12:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2013.01.21 17:12:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire
[2013.01.21 17:12:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.05.15 19:06:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2013.01.21 17:12:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.05.15 19:06:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d5c3541c8187f3a48d4f72f4374009c_expire
[2013.01.21 17:12:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a8ef73701ad78f92631ccabc37a9b58_expire
[2013.01.21 17:12:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\93aa59562815aa22d93923c7215ac7f1_expire
[2013.01.21 17:12:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2013.01.21 17:12:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2013.01.21 17:12:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2013.01.21 17:12:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2013.01.21 17:12:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2013.01.21 17:12:58 | 000,002,412 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\searchplugins\askcom.xml
[2011.12.14 10:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.14 17:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.12 19:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.03 12:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 18:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.12.14 10:54:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.03.18 09:36:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.01.14 17:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.12 19:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.03 12:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 18:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=1BCB5FCB-E699-41B8-BDAB-506DD46049B8&apn_ptnrs=U3&apn_sauid=946EB5CE-37A1-4504-8220-9E4C36218550&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin:  (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: Ginyas Browser Companion = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: AdBlock = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll (Blabbers Communications Ltd)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Sarah\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C7EA20B-06FB-4C6A-B5F2-100C730302C6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD6A6223-4881-4B2D-BF3C-58EC71993208}: DhcpNameServer = 139.7.30.125 139.7.30.126
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\Louis Day\CIMG0461.JPG
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\Louis Day\CIMG0461.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0414788c-8a82-11df-9db5-97b563b7049c}\Shell - "" = AutoRun
O33 - MountPoints2\{0414788c-8a82-11df-9db5-97b563b7049c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{04147890-8a82-11df-9db5-e827cf910fa8}\Shell - "" = AutoRun
O33 - MountPoints2\{04147890-8a82-11df-9db5-e827cf910fa8}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3a9fcf17-77bf-11de-938b-c9d5552ebac6}\Shell - "" = AutoRun
O33 - MountPoints2\{3a9fcf17-77bf-11de-938b-c9d5552ebac6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6f22346e-8594-11de-8a60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6f22346e-8594-11de-8a60-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6f223482-8594-11de-8a60-87ac10912fea}\Shell - "" = AutoRun
O33 - MountPoints2\{6f223482-8594-11de-8a60-87ac10912fea}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7f5fab1e-8a68-11df-a8a9-9036f7d9b1f3}\Shell - "" = AutoRun
O33 - MountPoints2\{7f5fab1e-8a68-11df-a8a9-9036f7d9b1f3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7f5fab20-8a68-11df-a8a9-9036f7d9b1f3}\Shell - "" = AutoRun
O33 - MountPoints2\{7f5fab20-8a68-11df-a8a9-9036f7d9b1f3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e06fff41-8fc9-11de-ba84-a4811fe2bedc}\Shell - "" = AutoRun
O33 - MountPoints2\{e06fff41-8fc9-11de-ba84-a4811fe2bedc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fb783fc2-77c2-11de-9e8b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb783fc2-77c2-11de-9e8b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 14:22:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.17 14:22:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.17 14:22:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.17 14:22:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.17 14:22:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.17 14:22:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.17 14:22:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.17 14:22:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.17 02:54:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.03.16 09:41:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.03.16 09:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 09:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 09:41:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.16 09:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.20 19:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.20 19:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.20 19:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.20 19:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.18 19:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\GinyasBrowserCompanion
[2009.02.11 21:20:05 | 001,164,104 | ---- | C] (Microsoft Corporation) -- C:\Users\Sarah\wlsetup-custom.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 20:18:05 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job
[2013.03.19 20:14:10 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.19 20:14:10 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.19 20:14:10 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.19 20:14:10 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.19 20:11:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Runner.job
[2013.03.19 20:08:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.19 20:07:49 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job
[2013.03.19 20:07:49 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job
[2013.03.19 20:07:39 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job
[2013.03.19 20:07:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 20:07:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 20:07:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 20:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 20:06:08 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 20:35:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.18 20:26:46 | 000,002,631 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk
[2013.03.18 20:06:50 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3451857423-1515592683-1973902852-1000UA.job
[2013.03.17 02:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.03.17 02:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2013.03.16 09:41:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.16 09:39:14 | 000,002,084 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2013.02.20 19:18:40 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.19 17:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3451857423-1515592683-1973902852-1000Core.job
 
========== Files Created - No Company Name ==========
 
[2013.03.17 02:52:49 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2013.03.16 09:41:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 19:18:40 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.18 19:11:05 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanion Runner.job
[2013.02.18 19:11:00 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job
[2013.02.18 19:10:55 | 000,001,038 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job
[2013.02.18 19:10:48 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job
[2013.02.18 19:10:45 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job
[2013.01.24 19:40:00 | 000,004,096 | -H-- | C] () -- C:\Users\Sarah\AppData\Local\keyfile3.drm
[2012.02.01 13:12:09 | 000,007,052 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010.03.22 10:06:21 | 000,001,074 | RH-- | C] () -- C:\Users\Sarah\XrxWm.ini
[2010.03.22 10:06:21 | 000,000,522 | RH-- | C] () -- C:\Users\Sarah\xw45cpdy.dyc
[2009.08.16 12:45:53 | 000,023,552 | ---- | C] () -- C:\Users\Sarah\Australien die Erste.wps
[2009.07.24 19:17:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.24 18:52:15 | 000,055,296 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.03.27 11:14:53 | 000,009,216 | ---- | C] () -- C:\Users\Sarah\Kündigung.wps
[2009.02.09 21:09:23 | 000,000,614 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Ich hoffe, dass das nun im richtigen Format ist. Habe alle Schritte befolgt. Da ich aber nicht weiß wie das in der Vorschau genau aussehen soll, ist das schwer zu sagen. Wenns falsch ist, sag ich schon einmal sorry. Ansonsten würde ich mich freuen zu erfahren wie es weiter geht, damit mein nicht eingeladener Gast aufm PC verschwindet. :-)

Nochmal Danke im Voraus und liebe Grüße!


Alt 20.03.2013, 12:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Meldung: tcbhn wurde beendet und geschlossen

Alt 20.03.2013, 22:38   #7
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Hey vielen Dank für die neuen Anweisungen!

Habe alle Schritte ausgeführt und nach dem zweiten Scan folgendes Ergebnis:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [administrator]

20.03.2013 23:16:56
mbar-log-2013-03-20 (23-16-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31449
Time elapsed: 41 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Mir ist beim rebooten nur noch aufgefallen, dass sich ein schwarzes Fenster öffnet. Oben steht C:\windows\system32\cmd.exe
Er fährt aber trotzdem von alleine hoch. War nur vorher nicht so daher wollte ich es nochmal erwähnen. Ist das normal?

Ich sage auf jeden Fall schon einmal für die schnelle und leicht zu verstehende Hilfe!!! Bin echt begeistert

Beste Grüße

Alt 21.03.2013, 09:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Zitat:
Habe alle Schritte ausgeführt
Nö, das GMER Log fehlt
Außerdem hab ich vorher schon ausführlichst erklärt, du sollst die Logs bitte in CODE-Tags posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2013, 17:21   #9
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Entschuldigung... hätte ich selber drauf kommen können, dass ich wieder in dem Format posten soll und auch GMER (stand da nur nicht). Den GMER habe ich natürlich vorher gemacht. Hier die Datei:

Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-20 21:28:42
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: 3s6r1jid.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\uwdoypow.sys


---- System - GMER 2.1 ----

SSDT            8CFEB5DE                                                                    ZwCreateSection
SSDT            8CFEB5E8                                                                    ZwRequestWaitReplyPort
SSDT            8CFEB5E3                                                                    ZwSetContextThread
SSDT            8CFEB5ED                                                                    ZwSetSecurityObject
SSDT            8CFEB5F2                                                                    ZwSystemDebugControl
SSDT            8CFEB57F                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                               826B58D8 4 Bytes  [DE, B5, FE, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 539                                               826B5BFC 4 Bytes  [E8, B5, FE, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                               826B5C30 4 Bytes  [E3, B5, FE, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                               826B5C94 4 Bytes  [ED, B5, FE, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 619                                               826B5CDC 4 Bytes  [F2, B5, FE, 8C]
.text           ...                                                                         
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                       entry point in "" section [0x837FD41C]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                       unknown last code section [0x837FE000, 0x1000, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[3080] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5  7632B37C 4 Bytes  [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                     Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                     Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                     tcpipBM.SYS
AttachedDevice  \FileSystem\fastfat \Fat                                                    fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export          ?????????????????#??s*??Net??H??????????? ???????e?????325??*6to4mp??S????X??????-???t??{4d36e972-e325-11ce-bfc1-08002be10318}\0077?? ??tunnel?000????6??????T??????????????t???????????????nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.0.6002.18005:*6to4mp?0??? ?????????????????????#????????????&????????????????????o??? ?????????????????????#????????????????????? ?????????????????????#????????????????????????????????????????????????????? ?????????????????????#????????????????????????????????? ?????????????????????#????????????????????6.0.6002.18005?P??????.??????????????????????m???O??????????? ?????????????????????#?????????????????????????????M???O??????? ?????????????????????#????????.???????????Microsoft-6zu4-Adapter?Ada???????????????????????O??? ????????????N??????&???????&???????????????????D??_2??????Microsoft-6zu4-Adapter #24?894??@nettun.inf,%msft%;Microsoft?-????z??????????S???????????d???e???????????d??????x???? ???????-?????P-A????X??????&???t????????????????:??????5?g65??? ?????????????????????%???????
Reg             HKLM\SYSTEM\ControlSet003\Services\LanmanServer\Linkage@Export              ????????????????????%?h???????????????H?volume_snapshot_install?? ????????????d?????????????????????? |?????????????????? ????????????????????????????????????????P???????????????0??????????t??ai??????????? ???????????????????????????????????????????????????????????K???????L8??????????n?????sNF????????p?? 0?????????????? H?STORAGE\VolumeSnapshot?????????????????????????????????o??????N????????????e??????N??????e????Draip?{533c5b84-ec70-11d2-9505-00c04f79deaf}????????????????????X??????C???F`?{533c5b84-ec70-11d2-9505-00c04f79deaf}\0021???h??????????????LH?VolumeSnapshot???? ???????????????0???<???????????????????????????????????????????`???:???????????@?Standard-Volumeschattenkopie?0??????????????????????????? B?????????????????? ??????????????????????????????0?????????????????x?? ???????????????????????????????????????? ?????????? ??????? ???????????????? ???????????0?B??? ????????? ?????????????10??? ????????????????????????????H??????????????y??? ??????????????????????????????????????????? ?????????????????

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         

Und hier nochmal im richtigen Format Malwarebytes Anti-Rootkit. Der erste Scan:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [administrator]

20.03.2013 22:11:27
mbar-log-2013-03-20 (22-11-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31563
Time elapsed: 29 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
c:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.

Registry Keys Detected: 26
HKLM\SOFTWARE\CLASSES\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}\INPROCSERVER32 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\INPROCSERVER32 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GinyasBrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 3
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\Program Files\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.

Files Detected: 80
c:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\ack.end (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\updatebhoWin32.dll_1 (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Delete on reboot.
c:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\fix5.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\9319bddf873cd62f8c0abd827cc10a6b (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\9319bddf873cd62f8c0abd827cc10a6b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\93aa59562815aa22d93923c7215ac7f1 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\93aa59562815aa22d93923c7215ac7f1_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\47c8e93101435074defa1a58122ad1c7 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\47c8e93101435074defa1a58122ad1c7_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\5d5c3541c8187f3a48d4f72f4374009c (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\5d5c3541c8187f3a48d4f72f4374009c_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\6a8ef73701ad78f92631ccabc37a9b58 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\6a8ef73701ad78f92631ccabc37a9b58_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e05508e03bf34762151d9d19fffe93df (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e05508e03bf34762151d9d19fffe93df_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\Sarah\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Delete on reboot.

(end)
         
Und hier der zweite Scan nach Cleanup:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Sarah :: SARAH-PC [administrator]

20.03.2013 23:16:56
mbar-log-2013-03-20 (23-16-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31449
Time elapsed: 41 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Ich hatte heute leider wieder die Fehlermeldung: tcbhn wurde beendet und geschlossen

Danke für die Geduld mit mir und beste Grüße.

Alt 22.03.2013, 09:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.03.2013, 11:04   #11
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Guten Tag,
ich habe alle Schritte ausgeführt. Hier meine Ergebnisse:

aswMBR

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-22 21:16:05
-----------------------------
21:16:05.339    OS Version: Windows 6.0.6002 Service Pack 2
21:16:05.339    Number of processors: 2 586 0xF0D
21:16:05.346    ComputerName: SARAH-PC  UserName: Sarah
21:16:06.664    Initialize success
21:18:30.538    AVAST engine defs: 13032200
21:18:51.285    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:18:51.293    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
21:18:51.552    Disk 0 MBR read successfully
21:18:51.558    Disk 0 MBR scan
21:18:51.572    Disk 0 unknown MBR code
21:18:51.618    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
21:18:51.653    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       147630 MB offset 20482048
21:18:51.695    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       147613 MB offset 322828288
21:18:51.770    Disk 0 scanning sectors +625139712
21:18:52.112    Disk 0 scanning C:\Windows\system32\drivers
21:19:30.290    Service scanning
21:20:34.498    Modules scanning
21:21:04.690    Disk 0 trace - called modules:
21:21:04.752    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
21:21:04.769    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e68370]
21:21:04.784    3 CLASSPNP.SYS[8a9a18b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85cc3390]
21:21:07.315    AVAST engine scan C:\Windows
21:21:20.601    AVAST engine scan C:\Windows\system32
21:32:21.354    AVAST engine scan C:\Windows\system32\drivers
21:33:24.320    AVAST engine scan C:\Users\Sarah
22:14:33.670    AVAST engine scan C:\ProgramData
22:17:47.144    Scan finished successfully
22:23:33.106    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
22:23:33.122    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"
         
Und hier TDSSKiller:

Code:
ATTFilter
11:50:13.0013 4116  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:50:13.0403 4116  ============================================================
11:50:13.0403 4116  Current date / time: 2013/03/23 11:50:13.0403
11:50:13.0403 4116  SystemInfo:
11:50:13.0403 4116  
11:50:13.0403 4116  OS Version: 6.0.6002 ServicePack: 2.0
11:50:13.0403 4116  Product type: Workstation
11:50:13.0403 4116  ComputerName: SARAH-PC
11:50:13.0403 4116  UserName: Sarah
11:50:13.0403 4116  Windows directory: C:\Windows
11:50:13.0403 4116  System windows directory: C:\Windows
11:50:13.0403 4116  Processor architecture: Intel x86
11:50:13.0403 4116  Number of processors: 2
11:50:13.0403 4116  Page size: 0x1000
11:50:13.0403 4116  Boot type: Normal boot
11:50:13.0403 4116  ============================================================
11:50:19.0434 4116  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:50:19.0451 4116  ============================================================
11:50:19.0451 4116  \Device\Harddisk0\DR0:
11:50:19.0463 4116  MBR partitions:
11:50:19.0463 4116  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000
11:50:19.0463 4116  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800
11:50:19.0463 4116  ============================================================
11:50:19.0861 4116  C: <-> \Device\Harddisk0\DR0\Partition1
11:50:20.0017 4116  D: <-> \Device\Harddisk0\DR0\Partition2
11:50:20.0018 4116  ============================================================
11:50:20.0018 4116  Initialize success
11:50:20.0018 4116  ============================================================
11:51:30.0581 5888  ============================================================
11:51:30.0581 5888  Scan started
11:51:30.0581 5888  Mode: Manual; SigCheck; TDLFS; 
11:51:30.0581 5888  ============================================================
11:51:47.0537 5888  ================ Scan system memory ========================
11:51:47.0537 5888  System memory - ok
11:51:47.0537 5888  ================ Scan services =============================
11:51:47.0965 5888  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
11:51:48.0352 5888  ACDaemon - ok
11:51:49.0491 5888  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:51:49.0619 5888  ACPI - ok
11:51:49.0773 5888  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:51:50.0134 5888  adp94xx - ok
11:51:50.0311 5888  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:51:50.0421 5888  adpahci - ok
11:51:50.0452 5888  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:51:50.0674 5888  adpu160m - ok
11:51:50.0752 5888  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:51:51.0232 5888  adpu320 - ok
11:51:51.0310 5888  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:51:51.0959 5888  AeLookupSvc - ok
11:51:52.0238 5888  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
11:51:52.0567 5888  AFD - ok
11:51:52.0676 5888  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
11:51:52.0773 5888  AgereModemAudio - ok
11:51:52.0917 5888  [ 38325C6AA8EAE011897D61CE48EC6435 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
11:51:53.0330 5888  AgereSoftModem - ok
11:51:53.0405 5888  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:51:53.0562 5888  agp440 - ok
11:51:53.0728 5888  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:51:53.0859 5888  aic78xx - ok
11:51:54.0045 5888  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
11:51:54.0600 5888  ALG - ok
11:51:54.0656 5888  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:51:54.0957 5888  aliide - ok
11:51:55.0134 5888  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:51:55.0186 5888  amdagp - ok
11:51:55.0223 5888  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:51:55.0537 5888  amdide - ok
11:51:55.0701 5888  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:51:56.0040 5888  AmdK7 - ok
11:51:56.0081 5888  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:51:56.0370 5888  AmdK8 - ok
11:51:56.0732 5888  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:51:56.0794 5888  AntiVirSchedulerService - ok
11:51:56.0888 5888  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:51:56.0903 5888  AntiVirService - ok
11:51:56.0966 5888  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
11:51:57.0044 5888  Appinfo - ok
11:51:57.0153 5888  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:51:57.0215 5888  Apple Mobile Device - ok
11:51:57.0340 5888  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
11:51:57.0480 5888  arc - ok
11:51:57.0543 5888  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:51:57.0621 5888  arcsas - ok
11:51:57.0746 5888  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:51:58.0214 5888  AsyncMac - ok
11:51:58.0276 5888  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:51:58.0354 5888  atapi - ok
11:51:58.0432 5888  [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr            C:\Windows\system32\DRIVERS\athr.sys
11:51:58.0619 5888  athr - ok
11:51:58.0692 5888  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:51:58.0745 5888  AudioEndpointBuilder - ok
11:51:58.0791 5888  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:51:58.0842 5888  Audiosrv - ok
11:51:58.0909 5888  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:51:58.0972 5888  avgntflt - ok
11:51:59.0028 5888  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:51:59.0099 5888  avipbb - ok
11:51:59.0139 5888  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:51:59.0189 5888  avkmgr - ok
11:51:59.0270 5888  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:51:59.0466 5888  b57nd60x - ok
11:51:59.0607 5888  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:51:59.0714 5888  Beep - ok
11:51:59.0823 5888  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
11:51:59.0964 5888  BFE - ok
11:52:00.0213 5888  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
11:52:00.0610 5888  BITS - ok
11:52:00.0755 5888  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:52:01.0021 5888  blbdrive - ok
11:52:01.0341 5888  [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys
11:52:01.0420 5888  BMLoad ( UnsignedFile.Multi.Generic ) - warning
11:52:01.0421 5888  BMLoad - detected UnsignedFile.Multi.Generic (1)
11:52:01.0574 5888  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:52:01.0616 5888  Bonjour Service - ok
11:52:01.0663 5888  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:52:01.0767 5888  bowser - ok
11:52:01.0918 5888  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
11:52:02.0017 5888  BrFiltLo - ok
11:52:02.0033 5888  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
11:52:02.0110 5888  BrFiltUp - ok
11:52:02.0157 5888  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
11:52:02.0325 5888  Browser - ok
11:52:02.0410 5888  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
11:52:03.0369 5888  Brserid - ok
11:52:03.0419 5888  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
11:52:03.0614 5888  BrSerWdm - ok
11:52:03.0743 5888  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
11:52:04.0106 5888  BrUsbMdm - ok
11:52:04.0203 5888  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
11:52:04.0485 5888  BrUsbSer - ok
11:52:04.0614 5888  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:52:04.0849 5888  BTHMODEM - ok
11:52:05.0270 5888  [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
11:52:05.0279 5888  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
11:52:05.0279 5888  BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
11:52:05.0481 5888  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:52:05.0564 5888  cdfs - ok
11:52:05.0691 5888  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:52:05.0806 5888  cdrom - ok
11:52:05.0942 5888  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:52:06.0014 5888  CertPropSvc - ok
11:52:06.0257 5888  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
11:52:06.0622 5888  circlass - ok
11:52:06.0758 5888  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
11:52:07.0243 5888  CLFS - ok
11:52:08.0023 5888  [ 5CA9B1062C0C3E3AE19C23AD9D8A5048 ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
11:52:08.0163 5888  CLHNService ( UnsignedFile.Multi.Generic ) - warning
11:52:08.0163 5888  CLHNService - detected UnsignedFile.Multi.Generic (1)
11:52:09.0037 5888  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:52:09.0240 5888  clr_optimization_v2.0.50727_32 - ok
11:52:09.0708 5888  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:52:09.0739 5888  clr_optimization_v4.0.30319_32 - ok
11:52:09.0942 5888  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:52:10.0191 5888  CmBatt - ok
11:52:10.0238 5888  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:52:10.0332 5888  cmdide - ok
11:52:10.0394 5888  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:52:10.0488 5888  Compbatt - ok
11:52:10.0503 5888  COMSysApp - ok
11:52:10.0581 5888  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:52:10.0722 5888  crcdisk - ok
11:52:10.0815 5888  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
11:52:10.0940 5888  Crusoe - ok
11:52:11.0174 5888  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:52:11.0361 5888  CryptSvc - ok
11:52:11.0767 5888  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:52:11.0970 5888  DcomLaunch - ok
11:52:12.0422 5888  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:52:12.0516 5888  DfsC - ok
11:52:12.0656 5888  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
11:52:13.0046 5888  DFSR - ok
11:52:13.0124 5888  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
11:52:13.0202 5888  Dhcp - ok
11:52:13.0264 5888  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
11:52:13.0327 5888  disk - ok
11:52:13.0405 5888  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
11:52:13.0467 5888  DKbFltr - ok
11:52:13.0545 5888  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:52:13.0639 5888  Dnscache - ok
11:52:13.0670 5888  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:52:13.0779 5888  dot3svc - ok
11:52:13.0888 5888  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
11:52:13.0966 5888  DPS - ok
11:52:14.0060 5888  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:52:14.0169 5888  drmkaud - ok
11:52:14.0247 5888  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:52:14.0325 5888  DXGKrnl - ok
11:52:14.0388 5888  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
11:52:14.0512 5888  E1G60 - ok
11:52:14.0622 5888  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
11:52:14.0684 5888  EapHost - ok
11:52:14.0762 5888  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
11:52:14.0840 5888  Ecache - ok
11:52:15.0136 5888  [ 2CE2DDCB1A41ED4488A2A8B98D286B3D ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
11:52:15.0214 5888  eDataSecurity Service - ok
11:52:15.0292 5888  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:52:15.0386 5888  ehRecvr - ok
11:52:15.0433 5888  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
11:52:15.0526 5888  ehSched - ok
11:52:15.0573 5888  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
11:52:15.0620 5888  ehstart - ok
11:52:15.0698 5888  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:52:15.0854 5888  elxstor - ok
11:52:15.0948 5888  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
11:52:16.0104 5888  EMDMgmt - ok
11:52:16.0197 5888  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:52:16.0338 5888  ErrDev - ok
11:52:16.0431 5888  [ A51FD9DF23720485991F56741BBEFCFB ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
11:52:16.0462 5888  ETService ( UnsignedFile.Multi.Generic ) - warning
11:52:16.0462 5888  ETService - detected UnsignedFile.Multi.Generic (1)
11:52:16.0556 5888  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
11:52:16.0603 5888  EventSystem - ok
11:52:16.0696 5888  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
11:52:16.0821 5888  ewusbnet - ok
11:52:16.0899 5888  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
11:52:17.0024 5888  exfat - ok
11:52:17.0149 5888  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:52:17.0305 5888  fastfat - ok
11:52:17.0337 5888  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:52:17.0462 5888  fdc - ok
11:52:17.0524 5888  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:52:17.0571 5888  fdPHost - ok
11:52:17.0665 5888  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:52:17.0836 5888  FDResPub - ok
11:52:17.0977 5888  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:52:18.0039 5888  FileInfo - ok
11:52:18.0101 5888  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:52:18.0211 5888  Filetrace - ok
11:52:18.0257 5888  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:52:18.0491 5888  flpydisk - ok
11:52:18.0569 5888  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:52:18.0679 5888  FltMgr - ok
11:52:18.0913 5888  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
11:52:19.0240 5888  FontCache - ok
11:52:19.0366 5888  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:52:19.0475 5888  FontCache3.0.0.0 - ok
11:52:19.0600 5888  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
11:52:19.0662 5888  fssfltr - ok
11:52:19.0959 5888  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:52:20.0333 5888  fsssvc - ok
11:52:20.0427 5888  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:52:20.0520 5888  Fs_Rec - ok
11:52:20.0552 5888  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:52:20.0614 5888  gagp30kx - ok
11:52:20.0661 5888  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:52:20.0739 5888  GEARAspiWDM - ok
11:52:20.0832 5888  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:52:20.0848 5888  GoogleDesktopManager-051210-111108 - ok
11:52:20.0988 5888  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:52:21.0332 5888  gpsvc - ok
11:52:21.0472 5888  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9afc493452e3b C:\Program Files\Google\Update\GoogleUpdate.exe
11:52:21.0503 5888  gupdate1c9afc493452e3b - ok
11:52:21.0550 5888  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:52:21.0581 5888  gupdatem - ok
11:52:21.0675 5888  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:52:21.0753 5888  gusvc - ok
11:52:21.0831 5888  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:52:22.0096 5888  HdAudAddService - ok
11:52:22.0236 5888  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:52:22.0377 5888  HDAudBus - ok
11:52:22.0517 5888  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:52:22.0689 5888  HidBth - ok
11:52:22.0736 5888  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:52:22.0938 5888  HidIr - ok
11:52:23.0048 5888  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
11:52:23.0500 5888  hidserv - ok
11:52:23.0703 5888  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:52:23.0843 5888  HidUsb - ok
11:52:23.0906 5888  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:52:23.0984 5888  hkmsvc - ok
11:52:24.0062 5888  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
11:52:24.0155 5888  HpCISSs - ok
11:52:24.0233 5888  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:52:24.0327 5888  HSFHWAZL - ok
11:52:24.0514 5888  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:52:24.0686 5888  HSF_DPV - ok
11:52:24.0873 5888  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:52:25.0029 5888  HTTP - ok
11:52:25.0232 5888  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:52:25.0356 5888  hwdatacard - ok
11:52:25.0434 5888  [ 089085538885367E281686762A973EB5 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
11:52:25.0528 5888  hwusbfake - ok
11:52:25.0606 5888  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
11:52:25.0653 5888  i2omp - ok
11:52:25.0715 5888  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:52:25.0809 5888  i8042prt - ok
11:52:25.0980 5888  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
11:52:26.0090 5888  iaStorV - ok
11:52:26.0199 5888  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:52:26.0355 5888  idsvc - ok
11:52:27.0369 5888  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
11:52:28.0367 5888  igfx - ok
11:52:28.0430 5888  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:52:28.0492 5888  iirsp - ok
11:52:28.0648 5888  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:52:28.0788 5888  IKEEXT - ok
11:52:28.0866 5888  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Windows\system32\drivers\int15.sys
11:52:29.0007 5888  int15 - ok
11:52:29.0475 5888  [ 23EBCEE9AAA4D6C88728791FAB462456 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:52:30.0005 5888  IntcAzAudAddService - ok
11:52:30.0052 5888  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:52:30.0114 5888  intelide - ok
11:52:30.0177 5888  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:52:30.0239 5888  intelppm - ok
11:52:30.0317 5888  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:52:30.0411 5888  IPBusEnum - ok
11:52:30.0442 5888  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:52:30.0504 5888  IpFilterDriver - ok
11:52:30.0629 5888  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:52:30.0723 5888  iphlpsvc - ok
11:52:30.0738 5888  IpInIp - ok
11:52:30.0801 5888  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
11:52:30.0926 5888  IPMIDRV - ok
11:52:31.0004 5888  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
11:52:31.0128 5888  IPNAT - ok
11:52:31.0284 5888  [ 02682AE021F0FB92F5768B49776B8B5B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:52:31.0331 5888  iPod Service - ok
11:52:31.0409 5888  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
11:52:31.0518 5888  irda - ok
11:52:31.0551 5888  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:52:31.0629 5888  IRENUM - ok
11:52:31.0707 5888  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon           C:\Windows\System32\irmon.dll
11:52:31.0816 5888  Irmon - ok
11:52:31.0863 5888  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:52:31.0941 5888  isapnp - ok
11:52:32.0034 5888  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:52:32.0065 5888  iScsiPrt - ok
11:52:32.0097 5888  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
11:52:32.0143 5888  iteatapi - ok
11:52:32.0175 5888  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
11:52:32.0237 5888  iteraid - ok
11:52:32.0284 5888  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:52:32.0362 5888  kbdclass - ok
11:52:32.0393 5888  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:52:32.0502 5888  kbdhid - ok
11:52:32.0566 5888  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
11:52:32.0644 5888  KeyIso - ok
11:52:32.0768 5888  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:52:32.0909 5888  KSecDD - ok
11:52:32.0971 5888  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:52:33.0096 5888  KtmRm - ok
11:52:33.0190 5888  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:52:33.0268 5888  LanmanServer - ok
11:52:33.0392 5888  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:52:33.0470 5888  LanmanWorkstation - ok
11:52:33.0548 5888  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:52:33.0596 5888  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:52:33.0596 5888  LightScribeService - detected UnsignedFile.Multi.Generic (1)
11:52:33.0643 5888  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:52:33.0737 5888  lltdio - ok
11:52:33.0830 5888  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:52:33.0955 5888  lltdsvc - ok
11:52:34.0002 5888  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:52:34.0095 5888  lmhosts - ok
11:52:34.0142 5888  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:52:34.0220 5888  LSI_FC - ok
11:52:34.0314 5888  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:52:34.0548 5888  LSI_SAS - ok
11:52:34.0626 5888  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:52:35.0234 5888  LSI_SCSI - ok
11:52:35.0297 5888  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
11:52:35.0421 5888  luafv - ok
11:52:35.0484 5888  [ 6490FE1B088C7199A9B6CE0E04A98A8B ] massfilter      C:\Windows\system32\drivers\massfilter.sys
11:52:35.0843 5888  massfilter - ok
11:52:35.0889 5888  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:52:35.0967 5888  MBAMProtector - ok
11:52:36.0061 5888  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:52:36.0170 5888  MBAMScheduler - ok
11:52:36.0389 5888  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:52:36.0545 5888  MBAMService - ok
11:52:36.0638 5888  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:52:36.0888 5888  Mcx2Svc - ok
11:52:36.0935 5888  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:52:37.0028 5888  megasas - ok
11:52:37.0075 5888  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
11:52:37.0184 5888  MegaSR - ok
11:52:37.0262 5888  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
11:52:37.0371 5888  MMCSS - ok
11:52:37.0449 5888  MobilityService - ok
11:52:37.0481 5888  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
11:52:37.0590 5888  Modem - ok
11:52:37.0637 5888  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:52:37.0715 5888  monitor - ok
11:52:37.0746 5888  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:52:37.0808 5888  mouclass - ok
11:52:37.0839 5888  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:52:37.0964 5888  mouhid - ok
11:52:37.0980 5888  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
11:52:38.0105 5888  MountMgr - ok
11:52:38.0183 5888  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:52:38.0261 5888  mpio - ok
11:52:38.0354 5888  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:52:38.0432 5888  mpsdrv - ok
11:52:38.0510 5888  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:52:38.0588 5888  MpsSvc - ok
11:52:38.0619 5888  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
11:52:38.0682 5888  Mraid35x - ok
11:52:38.0744 5888  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:52:38.0838 5888  MRxDAV - ok
11:52:38.0885 5888  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:38.0978 5888  mrxsmb - ok
11:52:39.0025 5888  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:39.0150 5888  mrxsmb10 - ok
11:52:39.0275 5888  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:39.0384 5888  mrxsmb20 - ok
11:52:39.0446 5888  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:52:39.0477 5888  msahci - ok
11:52:39.0571 5888  [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
11:52:39.0602 5888  MSCamSvc - ok
11:52:39.0680 5888  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:52:39.0743 5888  msdsm - ok
11:52:39.0774 5888  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
11:52:39.0899 5888  MSDTC - ok
11:52:39.0992 5888  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:52:40.0101 5888  Msfs - ok
11:52:40.0195 5888  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:52:40.0647 5888  msisadrv - ok
11:52:40.0725 5888  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:52:40.0835 5888  MSiSCSI - ok
11:52:40.0850 5888  msiserver - ok
11:52:40.0897 5888  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:52:40.0975 5888  MSKSSRV - ok
11:52:40.0991 5888  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:41.0053 5888  MSPCLOCK - ok
11:52:41.0069 5888  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:52:41.0178 5888  MSPQM - ok
11:52:41.0240 5888  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:52:41.0349 5888  MsRPC - ok
11:52:41.0381 5888  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:52:41.0412 5888  mssmbios - ok
11:52:41.0459 5888  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:52:41.0583 5888  MSTEE - ok
11:52:41.0630 5888  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
11:52:41.0693 5888  Mup - ok
11:52:41.0802 5888  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
11:52:41.0849 5888  napagent - ok
11:52:41.0927 5888  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:52:41.0989 5888  NativeWifiP - ok
11:52:42.0067 5888  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:52:42.0114 5888  NDIS - ok
11:52:42.0161 5888  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:42.0254 5888  NdisTapi - ok
11:52:42.0270 5888  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:42.0363 5888  Ndisuio - ok
11:52:42.0441 5888  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:42.0551 5888  NdisWan - ok
11:52:42.0660 5888  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:52:42.0753 5888  NDProxy - ok
11:52:42.0816 5888  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:52:42.0909 5888  NetBIOS - ok
11:52:43.0019 5888  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
11:52:43.0112 5888  netbt - ok
11:52:43.0175 5888  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
11:52:43.0206 5888  Netlogon - ok
11:52:43.0284 5888  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
11:52:43.0377 5888  Netman - ok
11:52:43.0424 5888  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
11:52:43.0580 5888  netprofm - ok
11:52:43.0611 5888  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:52:43.0674 5888  NetTcpPortSharing - ok
11:52:43.0767 5888  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:52:43.0845 5888  nfrd960 - ok
11:52:43.0923 5888  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:52:43.0986 5888  NlaSvc - ok
11:52:44.0048 5888  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:52:44.0220 5888  Npfs - ok
11:52:44.0251 5888  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
11:52:44.0438 5888  NSCIRDA - ok
11:52:44.0469 5888  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
11:52:44.0547 5888  nsi - ok
11:52:44.0563 5888  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:52:44.0688 5888  nsiproxy - ok
11:52:44.0860 5888  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:52:45.0250 5888  Ntfs - ok
11:52:45.0266 5888  [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:52:45.0297 5888  NTIBackupSvc - ok
11:52:45.0375 5888  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
11:52:45.0438 5888  NTIDrvr - ok
11:52:45.0484 5888  [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
11:52:45.0609 5888  NTIPPKernel ( UnsignedFile.Multi.Generic ) - warning
11:52:45.0609 5888  NTIPPKernel - detected UnsignedFile.Multi.Generic (1)
11:52:45.0640 5888  [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:52:45.0672 5888  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
11:52:45.0672 5888  NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
11:52:45.0953 5888  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
11:52:46.0141 5888  ntrigdigi - ok
11:52:46.0219 5888  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
11:52:46.0515 5888  Null - ok
11:52:46.0546 5888  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:52:46.0577 5888  nvraid - ok
11:52:46.0609 5888  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:52:46.0718 5888  nvstor - ok
11:52:46.0889 5888  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:52:46.0983 5888  nv_agp - ok
11:52:46.0983 5888  NwlnkFlt - ok
11:52:46.0999 5888  NwlnkFwd - ok
11:52:47.0233 5888  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:52:47.0373 5888  odserv - ok
11:52:47.0420 5888  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
11:52:47.0576 5888  ohci1394 - ok
11:52:47.0669 5888  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:52:47.0747 5888  ose - ok
11:52:47.0872 5888  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
11:52:48.0091 5888  p2pimsvc - ok
11:52:48.0200 5888  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:52:48.0278 5888  p2psvc - ok
11:52:48.0325 5888  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
11:52:48.0465 5888  Parport - ok
11:52:48.0543 5888  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:52:48.0605 5888  partmgr - ok
11:52:48.0652 5888  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
11:52:48.0777 5888  Parvdm - ok
11:52:48.0824 5888  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:52:48.0995 5888  PcaSvc - ok
11:52:49.0058 5888  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
11:52:49.0089 5888  pci - ok
11:52:49.0151 5888  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
11:52:49.0198 5888  pciide - ok
11:52:49.0245 5888  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:52:49.0323 5888  pcmcia - ok
11:52:49.0495 5888  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:52:49.0791 5888  PEAUTH - ok
11:52:49.0916 5888  [ D2D2FA02B722336960EEAE0AE7107891 ] PID_0928        C:\Windows\system32\DRIVERS\LV561AV.SYS
11:52:50.0150 5888  PID_0928 - ok
11:52:50.0399 5888  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
11:52:50.0571 5888  pla - ok
11:52:50.0649 5888  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:52:50.0727 5888  PlugPlay - ok
11:52:50.0836 5888  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
11:52:50.0961 5888  PNRPAutoReg - ok
11:52:50.0992 5888  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
11:52:51.0055 5888  PNRPsvc - ok
11:52:51.0117 5888  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:52:51.0304 5888  PolicyAgent - ok
11:52:51.0367 5888  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:52:51.0460 5888  PptpMiniport - ok
11:52:51.0476 5888  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
11:52:51.0569 5888  Processor - ok
11:52:51.0647 5888  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:52:51.0694 5888  ProfSvc - ok
11:52:51.0725 5888  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:52:51.0757 5888  ProtectedStorage - ok
11:52:51.0850 5888  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
11:52:51.0928 5888  PSched - ok
11:52:51.0975 5888  [ 1DCBB35090CC4B2BD3D661E6089523C6 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
11:52:52.0006 5888  PSDFilter - ok
11:52:52.0069 5888  [ E26E46D619469964AC3609620F443867 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
11:52:52.0131 5888  PSDNServ - ok
11:52:52.0209 5888  [ 3E1D134AF2806867D06047C4CC33CC65 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
11:52:52.0318 5888  psdvdisk - ok
11:52:52.0443 5888  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:52:52.0724 5888  ql2300 - ok
11:52:52.0786 5888  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:52:52.0833 5888  ql40xx - ok
11:52:52.0942 5888  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
11:52:53.0020 5888  QWAVE - ok
11:52:53.0051 5888  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:52:53.0114 5888  QWAVEdrv - ok
11:52:53.0145 5888  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:52:53.0239 5888  RasAcd - ok
11:52:53.0332 5888  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
11:52:53.0410 5888  RasAuto - ok
11:52:53.0473 5888  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:53.0582 5888  Rasl2tp - ok
11:52:53.0675 5888  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
11:52:53.0769 5888  RasMan - ok
11:52:53.0816 5888  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:53.0909 5888  RasPppoe - ok
11:52:53.0972 5888  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:52:54.0034 5888  RasSstp - ok
11:52:54.0128 5888  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:52:54.0268 5888  rdbss - ok
11:52:54.0346 5888  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:54.0455 5888  RDPCDD - ok
11:52:54.0502 5888  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
11:52:54.0658 5888  rdpdr - ok
11:52:54.0689 5888  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:52:54.0799 5888  RDPENCDD - ok
11:52:54.0877 5888  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:52:55.0001 5888  RDPWD - ok
11:52:55.0095 5888  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:52:55.0173 5888  RemoteAccess - ok
11:52:55.0204 5888  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:52:55.0267 5888  RemoteRegistry - ok
11:52:55.0485 5888  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
11:52:55.0547 5888  RichVideo - ok
11:52:55.0610 5888  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
11:52:55.0703 5888  RpcLocator - ok
11:52:55.0797 5888  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
11:52:55.0859 5888  RpcSs - ok
11:52:55.0937 5888  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:52:56.0078 5888  rspndr - ok
11:52:56.0125 5888  [ 9EA88492B1DAB90DCE43A6F2C0E133BD ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
11:52:56.0234 5888  RTSTOR - ok
11:52:56.0327 5888  [ 594FF5620661D1386475406E78CB6F2F ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
11:52:56.0359 5888  s0017bus - ok
11:52:56.0483 5888  [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
11:52:56.0577 5888  s0017mdfl - ok
11:52:56.0671 5888  [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
11:52:56.0795 5888  s0017mdm - ok
11:52:56.0905 5888  [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
11:52:56.0967 5888  s0017mgmt - ok
11:52:57.0014 5888  [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5        C:\Windows\system32\DRIVERS\s0017nd5.sys
11:52:57.0076 5888  s0017nd5 - ok
11:52:57.0123 5888  [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
11:52:57.0201 5888  s0017obex - ok
11:52:57.0404 5888  [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
11:52:57.0466 5888  s0017unic - ok
11:52:57.0575 5888  [ 0266151DE3F36429F6AC3C4B28085061 ] s217bus         C:\Windows\system32\DRIVERS\s217bus.sys
11:52:57.0700 5888  s217bus - ok
11:52:57.0763 5888  [ A43C0AF0E46BE7EF0C7E8CCF0F058600 ] s217mdfl        C:\Windows\system32\DRIVERS\s217mdfl.sys
11:52:57.0794 5888  s217mdfl - ok
11:52:57.0887 5888  [ 005F5DED1ED8F8A9D2399D765EAD20F1 ] s217mdm         C:\Windows\system32\DRIVERS\s217mdm.sys
11:52:58.0043 5888  s217mdm - ok
11:52:58.0153 5888  [ DE9562AD0C91E1857D11F65A91EE1A47 ] s217mgmt        C:\Windows\system32\DRIVERS\s217mgmt.sys
11:52:58.0231 5888  s217mgmt - ok
11:52:58.0293 5888  [ 11CC5D7F992799E7E75D018E9C018563 ] s217nd5         C:\Windows\system32\DRIVERS\s217nd5.sys
11:52:58.0371 5888  s217nd5 - ok
11:52:58.0418 5888  [ 0F9F4045799AFB66B85EEF999D0609EC ] s217obex        C:\Windows\system32\DRIVERS\s217obex.sys
11:52:58.0496 5888  s217obex - ok
11:52:58.0574 5888  [ 1C91E1023F07B6407D84B5A43537D984 ] s217unic        C:\Windows\system32\DRIVERS\s217unic.sys
11:52:58.0667 5888  s217unic - ok
11:52:58.0699 5888  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
11:52:58.0714 5888  SamSs - ok
11:52:58.0761 5888  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:52:58.0870 5888  sbp2port - ok
11:52:58.0933 5888  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:52:58.0964 5888  SCardSvr - ok
11:52:59.0120 5888  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
11:52:59.0260 5888  Schedule - ok
11:52:59.0291 5888  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:52:59.0338 5888  SCPolicySvc - ok
11:52:59.0401 5888  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
11:52:59.0541 5888  sdbus - ok
11:52:59.0572 5888  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:52:59.0650 5888  SDRSVC - ok
11:52:59.0791 5888  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:52:59.0853 5888  SeaPort - ok
11:52:59.0884 5888  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:53:00.0009 5888  secdrv - ok
11:53:00.0071 5888  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
11:53:00.0165 5888  seclogon - ok
11:53:00.0212 5888  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
11:53:00.0321 5888  SENS - ok
11:53:00.0430 5888  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:53:00.0602 5888  Serenum - ok
11:53:00.0633 5888  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
11:53:00.0789 5888  Serial - ok
11:53:00.0820 5888  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:53:00.0898 5888  sermouse - ok
11:53:00.0976 5888  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:53:01.0039 5888  SessionEnv - ok
11:53:01.0054 5888  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:53:01.0117 5888  sffdisk - ok
11:53:01.0179 5888  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:53:01.0273 5888  sffp_mmc - ok
11:53:01.0288 5888  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:53:01.0429 5888  sffp_sd - ok
11:53:01.0444 5888  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:53:01.0600 5888  sfloppy - ok
11:53:01.0694 5888  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:53:01.0803 5888  SharedAccess - ok
11:53:01.0865 5888  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:53:01.0959 5888  ShellHWDetection - ok
11:53:01.0990 5888  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:53:02.0084 5888  sisagp - ok
11:53:02.0162 5888  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
11:53:02.0240 5888  SiSRaid2 - ok
11:53:02.0287 5888  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:53:02.0349 5888  SiSRaid4 - ok
11:53:02.0474 5888  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
11:53:02.0661 5888  SkypeUpdate - ok
11:53:03.0316 5888  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
11:53:04.0377 5888  slsvc - ok
11:53:04.0455 5888  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
11:53:04.0517 5888  SLUINotify - ok
11:53:04.0564 5888  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:53:04.0673 5888  Smb - ok
11:53:04.0751 5888  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:53:04.0798 5888  SNMPTRAP - ok
11:53:04.0861 5888  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
11:53:04.0907 5888  spldr - ok
11:53:04.0970 5888  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
11:53:05.0032 5888  Spooler - ok
11:53:05.0126 5888  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:53:05.0297 5888  srv - ok
11:53:05.0360 5888  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:53:05.0438 5888  srv2 - ok
11:53:05.0485 5888  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:53:05.0563 5888  srvnet - ok
11:53:05.0656 5888  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:53:05.0734 5888  SSDPSRV - ok
11:53:05.0797 5888  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
11:53:05.0875 5888  ssmdrv - ok
11:53:05.0953 5888  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:53:05.0984 5888  SstpSvc - ok
11:53:06.0155 5888  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
11:53:06.0265 5888  stisvc - ok
11:53:06.0343 5888  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:53:06.0405 5888  swenum - ok
11:53:06.0514 5888  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
11:53:06.0577 5888  swprv - ok
11:53:06.0623 5888  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
11:53:06.0686 5888  Symc8xx - ok
11:53:06.0717 5888  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
11:53:06.0764 5888  Sym_hi - ok
11:53:06.0795 5888  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
11:53:06.0873 5888  Sym_u3 - ok
11:53:06.0951 5888  [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:53:07.0060 5888  SynTP - ok
11:53:07.0201 5888  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
11:53:07.0341 5888  SysMain - ok
11:53:07.0403 5888  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:53:07.0450 5888  TabletInputService - ok
11:53:07.0544 5888  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:53:07.0591 5888  TapiSrv - ok
11:53:07.0684 5888  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
11:53:07.0747 5888  TBS - ok
11:53:07.0887 5888  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:53:08.0059 5888  Tcpip - ok
11:53:08.0121 5888  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
11:53:08.0293 5888  Tcpip6 - ok
11:53:08.0371 5888  [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys
11:53:08.0417 5888  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
11:53:08.0417 5888  tcpipBM - detected UnsignedFile.Multi.Generic (1)
11:53:08.0480 5888  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:53:08.0589 5888  tcpipreg - ok
11:53:08.0714 5888  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:53:08.0792 5888  TDPIPE - ok
11:53:08.0917 5888  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:53:09.0026 5888  TDTCP - ok
11:53:09.0073 5888  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:53:09.0197 5888  tdx - ok
11:53:09.0229 5888  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:53:09.0307 5888  TermDD - ok
11:53:09.0353 5888  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
11:53:09.0494 5888  TermService - ok
11:53:09.0572 5888  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
11:53:09.0619 5888  Themes - ok
11:53:09.0650 5888  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
11:53:09.0712 5888  THREADORDER - ok
11:53:09.0743 5888  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
11:53:09.0821 5888  TrkWks - ok
11:53:09.0931 5888  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:53:10.0009 5888  TrustedInstaller - ok
11:53:10.0071 5888  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:53:10.0180 5888  tssecsrv - ok
11:53:10.0274 5888  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
11:53:10.0352 5888  tunmp - ok
11:53:10.0414 5888  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:53:10.0492 5888  tunnel - ok
11:53:10.0523 5888  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:53:10.0570 5888  uagp35 - ok
11:53:10.0601 5888  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
11:53:10.0648 5888  UBHelper - ok
11:53:10.0711 5888  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:53:10.0835 5888  udfs - ok
11:53:10.0898 5888  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:53:10.0991 5888  UI0Detect - ok
11:53:11.0038 5888  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:53:11.0101 5888  uliagpkx - ok
11:53:11.0163 5888  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
11:53:11.0241 5888  uliahci - ok
11:53:11.0272 5888  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
11:53:11.0366 5888  UlSata - ok
11:53:11.0428 5888  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
11:53:11.0475 5888  ulsata2 - ok
11:53:11.0506 5888  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:53:11.0615 5888  umbus - ok
11:53:11.0709 5888  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
11:53:11.0803 5888  upnphost - ok
11:53:11.0896 5888  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
11:53:11.0974 5888  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
11:53:11.0974 5888  USBAAPL - detected UnsignedFile.Multi.Generic (1)
11:53:12.0068 5888  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:53:12.0161 5888  usbaudio - ok
11:53:12.0224 5888  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:53:12.0302 5888  usbccgp - ok
11:53:12.0349 5888  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:53:12.0505 5888  usbcir - ok
11:53:12.0614 5888  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:53:12.0692 5888  usbehci - ok
11:53:12.0754 5888  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:53:12.0879 5888  usbhub - ok
11:53:12.0941 5888  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:53:13.0097 5888  usbohci - ok
11:53:13.0160 5888  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
11:53:13.0285 5888  usbprint - ok
11:53:13.0331 5888  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:53:13.0441 5888  usbscan - ok
11:53:13.0534 5888  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:53:13.0612 5888  USBSTOR - ok
11:53:13.0659 5888  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:53:13.0737 5888  usbuhci - ok
11:53:13.0768 5888  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:53:13.0971 5888  usbvideo - ok
11:53:14.0127 5888  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
11:53:14.0252 5888  UxSms - ok
11:53:14.0392 5888  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
11:53:14.0517 5888  vds - ok
11:53:14.0611 5888  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:53:14.0689 5888  vga - ok
11:53:14.0704 5888  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:53:14.0829 5888  VgaSave - ok
11:53:14.0860 5888  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:53:14.0923 5888  viaagp - ok
11:53:14.0954 5888  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
11:53:15.0047 5888  ViaC7 - ok
11:53:15.0063 5888  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
11:53:15.0110 5888  viaide - ok
11:53:15.0267 5888  [ 1B0D441D8AB264D39C2B09130CC28045 ] VMCService      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
11:53:15.0298 5888  VMCService ( UnsignedFile.Multi.Generic ) - warning
11:53:15.0298 5888  VMCService - detected UnsignedFile.Multi.Generic (1)
11:53:15.0376 5888  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:53:15.0438 5888  volmgr - ok
11:53:15.0548 5888  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:53:15.0657 5888  volmgrx - ok
11:53:15.0735 5888  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:53:15.0813 5888  volsnap - ok
11:53:15.0844 5888  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:53:15.0891 5888  vsmraid - ok
11:53:16.0031 5888  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
11:53:16.0156 5888  VSS - ok
11:53:16.0468 5888  [ F4FAB0B9D43A65F79FC838C94006F643 ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
11:53:16.0827 5888  VX1000 - ok
11:53:16.0874 5888  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
11:53:16.0936 5888  W32Time - ok
11:53:16.0983 5888  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:53:17.0108 5888  WacomPen - ok
11:53:17.0201 5888  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
11:53:17.0279 5888  Wanarp - ok
11:53:17.0295 5888  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:53:17.0342 5888  Wanarpv6 - ok
11:53:17.0435 5888  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:53:17.0513 5888  wcncsvc - ok
11:53:17.0576 5888  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:53:17.0654 5888  WcsPlugInService - ok
11:53:17.0700 5888  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
11:53:17.0778 5888  Wd - ok
11:53:17.0888 5888  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:53:18.0012 5888  Wdf01000 - ok
11:53:18.0059 5888  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:53:18.0137 5888  WdiServiceHost - ok
11:53:18.0168 5888  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:53:18.0246 5888  WdiSystemHost - ok
11:53:18.0309 5888  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
11:53:18.0371 5888  WebClient - ok
11:53:18.0449 5888  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:53:18.0527 5888  Wecsvc - ok
11:53:18.0574 5888  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:53:18.0636 5888  wercplsupport - ok
11:53:18.0714 5888  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:53:18.0792 5888  WerSvc - ok
11:53:18.0886 5888  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:53:19.0073 5888  winachsf - ok
11:53:19.0292 5888  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:53:19.0338 5888  WinDefend - ok
11:53:19.0370 5888  WinHttpAutoProxySvc - ok
11:53:19.0479 5888  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:53:19.0541 5888  Winmgmt - ok
11:53:20.0087 5888  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:53:20.0462 5888  WinRM - ok
11:53:20.0680 5888  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:53:20.0883 5888  Wlansvc - ok
11:53:20.0992 5888  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:53:21.0039 5888  WmiAcpi - ok
11:53:21.0117 5888  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:53:21.0164 5888  wmiApSrv - ok
11:53:21.0257 5888  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:53:21.0366 5888  WMPNetworkSvc - ok
11:53:21.0476 5888  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:53:21.0538 5888  WPCSvc - ok
11:53:21.0647 5888  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:53:21.0741 5888  WPDBusEnum - ok
11:53:21.0819 5888  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
11:53:21.0850 5888  WpdUsb - ok
11:53:22.0100 5888  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:53:22.0349 5888  WPFFontCache_v0400 - ok
11:53:22.0412 5888  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:53:22.0568 5888  ws2ifsl - ok
11:53:22.0599 5888  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
11:53:22.0677 5888  wscsvc - ok
11:53:22.0692 5888  WSearch - ok
11:53:22.0880 5888  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
11:53:23.0020 5888  wuauserv - ok
11:53:23.0129 5888  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:53:23.0192 5888  WudfPf - ok
11:53:23.0254 5888  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:53:23.0316 5888  WUDFRd - ok
11:53:23.0363 5888  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:53:23.0426 5888  wudfsvc - ok
11:53:23.0488 5888  [ 3E1C915C6291AB5D1CFCA680E1BD6BAD ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
11:53:23.0566 5888  yukonwlh - ok
11:53:23.0675 5888  [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
11:53:23.0769 5888  ZTEusbmdm6k - ok
11:53:23.0831 5888  [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
11:53:23.0894 5888  ZTEusbnmea - ok
11:53:23.0940 5888  [ 1D4EB2E5FC4276CD5E9B862D349F68BD ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
11:53:23.0987 5888  ZTEusbser6k - ok
11:53:24.0096 5888  [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
11:53:24.0128 5888  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
11:53:24.0174 5888  ================ Scan global ===============================
11:53:24.0237 5888  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
11:53:24.0330 5888  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
11:53:24.0393 5888  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
11:53:24.0471 5888  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
11:53:24.0486 5888  [Global] - ok
11:53:24.0502 5888  ================ Scan MBR ==================================
11:53:24.0502 5888  [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
11:53:30.0556 5888  \Device\Harddisk0\DR0 - ok
11:53:30.0556 5888  ================ Scan VBR ==================================
11:53:30.0790 5888  [ 5B3A8956EE1022E75044C159784E19FF ] \Device\Harddisk0\DR0\Partition1
11:53:30.0805 5888  \Device\Harddisk0\DR0\Partition1 - ok
11:53:30.0837 5888  [ 3E308E7E1D898494DAFAEBF17ABDCF3A ] \Device\Harddisk0\DR0\Partition2
11:53:30.0930 5888  \Device\Harddisk0\DR0\Partition2 - ok
11:53:30.0946 5888  ============================================================
11:53:30.0946 5888  Scan finished
11:53:30.0946 5888  ============================================================
11:53:30.0961 1444  Detected object count: 10
11:53:30.0961 1444  Actual detected object count: 10
11:53:53.0630 1444  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0630 1444  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0630 1444  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0630 1444  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0630 1444  CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0630 1444  CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0630 1444  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0630 1444  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0677 1444  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0677 1444  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0677 1444  NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0677 1444  NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0677 1444  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0677 1444  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0677 1444  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0677 1444  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0677 1444  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0677 1444  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:53:53.0677 1444  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
11:53:53.0677 1444  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:53.0178 4512  Deinitialize success
         

Hoffe alles richtig :-)
Kommt noch mehr?

Danke schön und ein schönes Wochenende!

Alt 23.03.2013, 15:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.03.2013, 21:40   #13
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Schönen guten Abend,

ich habe Combofix durchgeführt. Hatte keine Fehlermeldungen.

Code:
ATTFilter
ComboFix 13-03-24.03 - Sarah 24.03.2013  22:04:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3000.1942 [GMT 1:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-24 bis 2013-03-24  ))))))))))))))))))))))))))))))
.
.
2013-03-24 21:17 . 2013-03-24 21:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-22 20:08 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{095D18E5-4BC4-4C46-A22E-D0F2CB0D00FB}\mpengine.dll
2013-03-22 20:03 . 2013-02-12 01:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-20 21:34 . 2013-03-20 21:34	31560	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-03-16 08:41 . 2013-03-16 08:41	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Malwarebytes
2013-03-16 08:41 . 2013-03-16 08:41	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-16 08:41 . 2013-03-16 08:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-16 08:41 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2009-10-02 16:26	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-12 02:30 . 2013-01-14 20:02	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-05 05:26 . 2013-02-16 17:50	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-16 17:50	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-16 17:51	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-16 17:51	2048512	----a-w-	c:\windows\system32\win32k.sys
2010-07-08 17:12 . 2009-11-25 11:46	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2012-12-12 163000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-18 152392]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
tcbhn.lnk - c:\users\Sarah\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-3-21 692888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare Software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-24 c:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-03-24 c:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-03-24 c:\windows\Tasks\GinyasBrowserCompanion Runner.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-03-24 c:\windows\Tasks\GinyasBrowserCompanion Stats Report.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-03-24 c:\windows\Tasks\GinyasBrowserCompanion Update Checker.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 16:44]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 16:44]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451857423-1515592683-1973902852-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 20:47]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3451857423-1515592683-1973902852-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-02 20:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ymu5j2n9.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ArcSoft PhotoStudio 2000 - c:\windows\IsUn0407.exe
AddRemove-Canon ScanGear Toolbox 3.0 - c:\windows\IsUn0407.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-24 22:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-24  22:20:58
ComboFix-quarantined-files.txt  2013-03-24 21:20
.
Vor Suchlauf: 12 Verzeichnis(se), 48.376.000.512 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 51.222.994.944 Bytes frei
.
- - End Of File - - 5A1DEF7DF523F845A2CA79F3096013AA
         

Und nochmal Danke
Gehts jetzt noch weiter?

Beste Grüße

Alt 25.03.2013, 14:28   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.03.2013, 13:28   #15
Leyla81
 
Meldung: tcbhn wurde beendet und geschlossen - Standard

Meldung: tcbhn wurde beendet und geschlossen



Schönen guten Tag,

danke für die weiteren Schritte. Meine Ergebnisse sehen wie folgt aus:

JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.4 (03.29.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sarah on 30.03.2013 at 12:58:43,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_current_user\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\ginyasbrowsercompanion"
Failed to delete: [Folder] "C:\ProgramData\application data\ginyasbrowsercompanion"
Successfully deleted: [Folder] "C:\Users\Sarah\AppData\Roaming\browsercompanion"



~~~ FireFox

Successfully deleted: [File] C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\bbrs_002@blabbers.com
Successfully deleted: [Folder] C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\ymu5j2n9.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.cbid", "^U3");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2013.01.21+08.12.48-toolbar010iad-DE-RnJhbmtmdXJ0IEFtIE1haW4sR2VybWFueQ%3D%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0040");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1358784777564");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.location", "Frankfurt Am Main,Germany");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "100000027");
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.to", "");



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Sarah\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2013 at 13:05:41,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner

Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 30/03/2013 um 13:10:32 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Sarah - SARAH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sarah\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\APN
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Sarah\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.5.3 (de)

Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ymu5j2n9.default\prefs.js

Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.46] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.49] : keyword = "ask.com",
Gelöscht [l.52] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=1B[...]
Gelöscht [l.53] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [8381 octets] - [30/03/2013 13:10:32]

########## EOF - C:\AdwCleaner[S1].txt - [8441 octets] ##########
         

Und hier nochmal OTL:

OTL.txt

Code:
ATTFilter
OTL logfile created on: 30.03.2013 13:21:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop\Tojaner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,22% Memory free
6,09 Gb Paging File | 4,62 Gb Available in Paging File | 75,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 46,22 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,06 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Sarah\Desktop\Tojaner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe ()
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocESEmail.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocESUpload.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
MOD - C:\Programme\OpenOffice.org 3\Basis\program\nsldap32v50.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\swriter.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\Basis\program\libxslt.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\SysHook.dll ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Sarah\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (s217unic) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5735
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{110B16CF-863C-45D4-9673-7ECE6CDC1CD3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=1BCB5FCB-E699-41B8-BDAB-506DD46049B8&apn_sauid=946EB5CE-37A1-4504-8220-9E4C36218550
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE304
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.14.100013
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.08.02 17:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.23 16:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 11:59:01 | 000,000,000 | ---D | M]
 
[2009.10.16 13:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2013.03.30 13:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\ymu5j2n9.default\extensions
[2010.10.24 11:38:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\ymu5j2n9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.14 10:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.14 17:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.12 19:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.03 12:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 18:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.12.14 10:54:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.03.18 09:36:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.01.14 17:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.12 19:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.03 12:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 18:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YMU5J2N9.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YMU5J2N9.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2009.08.24 20:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin:  (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AdBlock = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
 
O1 HOSTS File: ([2013.03.24 22:17:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3451857423-1515592683-1973902852-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C7EA20B-06FB-4C6A-B5F2-100C730302C6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD6A6223-4881-4B2D-BF3C-58EC71993208}: DhcpNameServer = 139.7.30.125 139.7.30.126
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\Louis Day\CIMG0461.JPG
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\Louis Day\CIMG0461.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 12:58:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.30 12:58:32 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.30 12:53:46 | 000,550,362 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sarah\Desktop\JRT.exe
[2013.03.24 22:21:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.24 22:21:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.24 22:00:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.24 22:00:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.24 22:00:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.24 22:00:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.24 21:59:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.24 21:59:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.23 12:05:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Tojaner
[2013.03.22 21:03:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.17 14:22:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.17 14:22:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.17 14:22:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.17 14:22:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.17 14:22:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.17 14:22:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.17 14:22:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.17 14:22:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.16 09:41:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.03.16 09:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 09:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 09:41:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.16 09:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.02.11 21:20:05 | 001,164,104 | ---- | C] (Microsoft Corporation) -- C:\Users\Sarah\wlsetup-custom.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 13:15:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.30 13:14:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.03.30 13:13:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 13:13:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 13:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.30 13:13:29 | 3144,552,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.30 13:11:49 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.30 13:09:10 | 000,609,993 | ---- | M] () -- C:\Users\Sarah\Desktop\adwcleaner.exe
[2013.03.30 12:58:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3451857423-1515592683-1973902852-1000UA.job
[2013.03.30 12:53:48 | 000,550,362 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sarah\Desktop\JRT.exe
[2013.03.29 18:35:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.29 17:58:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3451857423-1515592683-1973902852-1000Core.job
[2013.03.24 22:17:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.20 22:34:40 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013.03.20 22:33:49 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.20 22:33:49 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.20 22:33:49 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.20 22:33:49 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.18 20:26:46 | 000,002,631 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk
[2013.03.17 02:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2013.03.16 09:39:14 | 000,002,084 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.30 13:10:40 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.30 13:09:08 | 000,609,993 | ---- | C] () -- C:\Users\Sarah\Desktop\adwcleaner.exe
[2013.03.24 22:00:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.24 22:00:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.24 22:00:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.24 22:00:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.24 22:00:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.20 22:34:40 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013.03.17 02:52:49 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2013.01.24 19:40:00 | 000,004,096 | -H-- | C] () -- C:\Users\Sarah\AppData\Local\keyfile3.drm
[2012.02.01 13:12:09 | 000,007,052 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010.03.22 10:06:21 | 000,001,074 | RH-- | C] () -- C:\Users\Sarah\XrxWm.ini
[2010.03.22 10:06:21 | 000,000,522 | RH-- | C] () -- C:\Users\Sarah\xw45cpdy.dyc
[2009.08.16 12:45:53 | 000,023,552 | ---- | C] () -- C:\Users\Sarah\Australien die Erste.wps
[2009.07.24 19:17:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.24 18:52:15 | 000,055,296 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.03.27 11:14:53 | 000,009,216 | ---- | C] () -- C:\Users\Sarah\Kündigung.wps
[2009.02.09 21:09:23 | 000,000,614 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Die zweite Datei Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 30.03.2013 13:21:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop\Tojaner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,22% Memory free
6,09 Gb Paging File | 4,62 Gb Available in Paging File | 75,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 46,22 Gb Free Space | 32,06% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,06 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0515AB49-D391-4A91-8DAF-53C4D3C2F355}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{0C6E0F10-7302-4C2B-8930-67DB8668572A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{1078D01E-5551-4BBA-B6D4-0A4CB6DB4C87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{174BDFC6-5957-4BEA-BC23-14F8680CF8FD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{226543C4-3E53-47A2-9AC4-F15D617A750E}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{2C5FCE26-DBBE-4571-9368-2659716A6841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2DB9864A-7249-4E0B-9B05-84DF35F6E304}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{31A2002C-2D07-4788-A180-D1FB7DF92E6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{32C776B1-88B3-498B-BDDD-382E5DA221A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{38219769-DAFA-4A89-A007-925C28199DDA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{43A19C69-0E49-4478-98AB-6F3CAE2E5ABE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{43D9FDC7-B358-4C09-B8A1-4CBEAE5E0795}" = protocol=17 | dir=in | app=c:\program files\abisuite2\abiword\bin\abiword.exe | 
"{5426B4D8-11C5-4418-B531-70355A855A0D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5AD711F2-CD42-429E-818E-E2A72FAD3FF2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{662A672A-0670-4F4F-ADBF-92006134523D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{663E24DB-746F-4613-A025-711B5352DF9A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6EE86E96-3B16-44F3-ABAB-6F3DF26AE69A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7532590C-685B-4ECE-93E0-D8D3211EAC40}" = protocol=6 | dir=in | app=c:\program files\abisuite2\abiword\bin\abiword.exe | 
"{91FC5DF4-FC4E-47EC-AA26-7B6F1D6DD995}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{B0AE20A2-5475-4E75-88DF-FA3058A2FBF4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B6F8D284-6444-4854-9042-935811A35F95}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{BFD1A152-7B3F-4100-9C66-E29B1C67A325}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{C367D706-151C-4B56-A368-54E871F1D2CE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C815E185-D1CB-49C9-ADE5-0C3CA3A3EC04}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{C9361CDA-5327-41E0-986C-6AC76875DDCA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{CD04A254-A2E8-4ADB-96D2-91074CD83499}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{CD8749DA-7935-4E78-A2A6-E3BAD6C6CC77}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F799A69D-545E-4B10-931B-2586E5DA8E0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{705906F5-CE2B-4EF7-B537-2B8E172D2521}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9109D503-CE6B-46E3-8432-3CB72A74AF55}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{EA40D5FD-CCD2-44DA-8509-FC18E3D77D5A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{6DE35EE2-E2F8-4E0B-BAE8-3676D33D7AE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7C1401D7-544D-4E13-A553-B3EDCF9D5CCB}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{A1A9AEA2-5FE4-4351-AF0F-F3D74C8A1820}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47C6C88F-FA95-49C8-B57D-5C5F093738E1}" = iTunes
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"AbiWord2" = AbiWord 2.6.8
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Common-Use Signing Interface" = Common-Use Signing Interface
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Security Task Manager" = Security Task Manager 1.8d
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3451857423-1515592683-1973902852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2013 08:13:54 | Computer Name = Sarah-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 30.03.2013 08:14:11 | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 20.02.2011 10:26:31 | Computer Name = Sarah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.05.2011 10:54:09 | Computer Name = Sarah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.03.2013 08:13:42 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 30.03.2013 08:14:12 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Ich hoffe alles sieht gut aus :-) oder kommen noch weitere Schritte?

Vielen vielen Dank und frohe Ostern wünsche ich :-D

Antwort

Themen zu Meldung: tcbhn wurde beendet und geschlossen
administrator, anti-malware, appdata, automatisch, autostart, beendet, beendet und geschlossen, bericht, browser, dateien, diverse, explorer, fix, forum, helper, hilflos, install.exe, jquery, löschen, malwarebytes, microsoft, nicht mehr, problem, programm, software, temp, vista, wenig ahnung



Ähnliche Themen: Meldung: tcbhn wurde beendet und geschlossen


  1. tcbhn hat ein Problem festgestellt und muß beendet werden
    Log-Analyse und Auswertung - 08.02.2015 (1)
  2. Microsoft Windows meldet: AdobeFlashPlayer Update Service 11.6 r602 wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 28.08.2013 (9)
  3. tcbhn wurde beendet
    Log-Analyse und Auswertung - 15.08.2013 (39)
  4. Windows XP start: tcbhn.exe hat ein Problem festgestellt und muss beendet werden
    Log-Analyse und Auswertung - 23.07.2013 (30)
  5. Fehlermeldung: tcbhn wurde geschlossen
    Log-Analyse und Auswertung - 08.07.2013 (11)
  6. tcbhn wurde beendet und geschlossen!
    Log-Analyse und Auswertung - 14.06.2013 (30)
  7. tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (47)
  8. Tcbhn wurde beendet und geschlossen - Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (9)
  9. tcbhn.exe wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (17)
  10. tcbhn.exe wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (3)
  11. Tcbhn wurde beendet und geschlossen
    Log-Analyse und Auswertung - 03.05.2013 (7)
  12. tcbhn hat ein Problem festgestellt und muß beendet werden
    Log-Analyse und Auswertung - 28.04.2013 (4)
  13. tcbhn wurde beendet und geschlossen?
    Log-Analyse und Auswertung - 23.04.2013 (8)
  14. Meldung: tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (11)
  15. tbhcn wurde beendet und geschlossen
    Log-Analyse und Auswertung - 14.03.2013 (23)
  16. tcbhn wurde beendet und geschlossen?
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (43)
  17. Hostprozess für Windows-Dienste wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2010 (28)

Zum Thema Meldung: tcbhn wurde beendet und geschlossen - Hallöchen, ich habe seit mehreren Wochen eine Meldung nachdem ich meinen PC hochgefahren habe. (tcbhn wurde beendet und geschlossen) Im Forum habe ich diverse Themen gefunden, die das gleiche Problem - Meldung: tcbhn wurde beendet und geschlossen...
Archiv
Du betrachtest: Meldung: tcbhn wurde beendet und geschlossen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.