Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Rootkit-Scan (G-MER) Fund! (https://www.trojaner-board.de/105348-rootkit-scan-g-mer-fund.html)

KingSkull 23.11.2011 14:29
Rootkit-Scan (G-MER) Fund!
 
Hallo,

ist jetzt mein erster Beitrag, ich hoff ich mach jetzt alles richtig.
Folgendes: Ich hab einfach mal G-MER nochmal testen lassen ob auf meim PC alles richtig is, und dann kamen diese Funde: (Fehlerberichte):

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-22 09:00:58
Windows 6.1.7600
Running: 07t6u2x0.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619cd5466
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619cd5466 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Kann mir wer helfen, ich hab echt keine Erfahrung damit :S

Danke im Vorraus,

LG KingSkull

KingSkull 23.11.2011 19:56
Bitte, ich bräuchte wirklich hilfe...

Chris4You 25.11.2011 09:04
Hi,

das sieht eher nach einem Bluetooth-Service aus...
Wieso lässt Du GMER scannen, gibt es Verdachtsmomenete?

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris

KingSkull 25.11.2011 17:36
Hey

erstmal danke für die Rückmeldung. Ja ich hatte einen Verdacht, denn als ich mir ein Texture Pack für minecraft gedownloadet hatte, meldete sich Avira, dass ich mir wohl einen Virus geholt habe, den ich aber mit Avira schnell wieder entfernen konnte. Um sicherzugehen, dass sonst nichts drauf ist, oder keine Rückstände vom Virus, ließ ich GMER drüberlaufen, und das ist rausgekommen.

Jetzt habe ich mittlerweile noch mal den TrojanHunter drüberlaufen lassen (die Testversion) und da kam auch einiges zusammen, was ich jedoch nicht verstehe:


Found trojan file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Decay.140(201))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Acer.exe (TDSS.784(173))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-eMachines.exe (TDSS.784(173))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Gateway.exe (TDSS.784(173))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-PackardBell.exe (TDSS.784(173))
Found trojan file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Decay.140(201))
Found trojan file: C:\Program Files (x86)\Metin2\errorlog.exe (Genome.3902(193))
Found trojan file: C:\Program Files (x86)\Metin2\hshield\ahnrpt.exe (Murlo.346(189))
Found trojan file: C:\Program Files (x86)\WinRAR\Rar.exe (Virus.163(208))
Found trojan file: C:\Users\Patrick\AppData\Local\Temp\FUJIFILM\Updater\terminate.exe (Plik.100(206))

z.B. Adobe ist doch keine Malware ?:confused:

also, kannst du mir damit vllt nochmal helfen?

Danke im Vorraus!

KingSkull

Chris4You 26.11.2011 14:56
Hallo,

bitte mach das was in meinem ersten Posting steht...

Zusätzlich:
TDSS-Killer
Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

KingSkull 27.11.2011 09:09
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8251

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.11.2011 09:01:50
mbam-log-2011-11-27 (09-01-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 178048
Laufzeit: 11 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

also, das kam bei diesem Malwarebytes raus. Was meinst du mit Signaturdateien, und reiter?

Chris4You 27.11.2011 13:10
Hi,

nicht Quickscan, Fullscan... Und poste auch die restlichen Logs...

Chris

KingSkull 27.11.2011 16:12
OK

passt nicht alles in einen post, ergebnisse von malwarebytes und tdss kommen innen nächsten^^

OTL:

1.:OTL Logfile:
Code:
OTL logfile created on: 27.11.2011 13:22:52 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Patrick\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 33,45% Memory free
7,35 Gb Paging File | 2,53 Gb Available in Paging File | 34,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,39 Gb Total Space | 149,02 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
Drive D: | 226,27 Gb Total Space | 225,73 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 688,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\***\AppData\Roaming\eType\eTypeUpdate.exe (DSNR Labs)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\APPLIC~1\150874~1.120\gcswf32.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b6a8747fc31bd7eb902b39f884665b21\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Users\***\AppData\Roaming\eType\MyZip.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ig?hl=de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.etypestart.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=697&product_id=730&affiliate_id=&channel=&toolbar_id=205&toolbar_version=2.3.0&install_country=DE&install_date=20110918&user_guid=DD7904DDE88C4BB78E09DA32512B8569&machine_id=977118642ec488b306c82aa264c1f767&browser=FF&os=win&os_version=6.1-x64-SP0"
FF - prefs.js..keyword.URL: "hxxp://www.etypestart.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=697&product_id=730&affiliate_id=&channel=&toolbar_id=205&toolbar_version=2.3.0&install_country=DE&install_date=20110918&user_guid=DD7904DDE88C4BB78E09DA32512B8569&machine_id=977118642ec488b306c82aa264c1f767&browser=FF&os=win&os_version=6.1-x64-SP0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.11.18 17:57:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 15:15:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.16 22:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.22 08:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4cb6g057.default\extensions
[2011.07.27 15:10:39 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4cb6g057.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.07.27 15:10:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4cb6g057.default\extensions\engine@conduit.com
[2011.09.18 19:20:06 | 000,001,391 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4cb6g057.default\searchplugins\yahoo-zugo.xml
[2011.11.18 16:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.18 16:54:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.18 17:57:24 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4CB6G057.DEFAULT\EXTENSIONS\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
[2011.07.08 08:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101227210912.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110717040257.dll (McAfee, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design TB Toolbar) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Productivity 2.1 Toolbar) - {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dllĀ File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Free Lunch Design TB Toolbar) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dllĀ File not found
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Productivity 2.1 Toolbar) - {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design TB Toolbar) - {A5AE8924-4036-420F-B7F6-A47E4B8F692E} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity 2.1 Toolbar) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKCU..\Run: [eType] C:\Users\***\AppData\Roaming\eType\eType.exe (DSNR Labs    )
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22F55A73-6191-44B6-AA4B-2111A417CD9A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.11.07 11:08:30 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{342898fb-c0ce-11df-9b46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{342898fb-c0ce-11df-9b46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CD-Start.exe -- [2001.10.17 01:38:34 | 003,362,816 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.27 13:26:20 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.11.27 13:20:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.11.27 08:55:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrojanHunter
[2011.11.27 08:50:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.11.27 08:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.27 08:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.27 08:48:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.27 08:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.24 16:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2011.11.24 16:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2011.11.24 16:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2011.11.23 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.22 20:02:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Spawnergui_mod
[2011.11.22 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ModLoader
[2011.11.22 17:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.22 09:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.11.21 11:37:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Texturen
[2011.11.20 17:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.20 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.20 17:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.20 17:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.11.18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.18 16:54:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.18 16:54:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.18 16:54:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.17 19:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.11.05 15:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.05 15:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.27 13:25:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1771110696-1733054680-856737930-1000UA.job
[2011.11.27 13:20:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.11.27 13:19:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.27 12:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.27 08:53:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.27 08:48:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.26 17:35:47 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1771110696-1733054680-856737930-1000Core.job
[2011.11.24 16:44:26 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.11.24 16:44:22 | 000,001,009 | ---- | M] () -- C:\Users\***\Desktop\TrojanHunter.lnk
[2011.11.22 20:26:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.22 20:26:23 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.22 20:26:23 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.22 20:26:23 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.22 20:26:23 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.22 17:56:16 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.22 09:30:34 | 035,967,060 | ---- | M] () -- C:\Users\***\Desktop\minecraft-world1-010.zip
[2011.11.20 17:44:26 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.20 16:52:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 16:52:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 16:54:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.18 16:54:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.18 16:54:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.18 16:54:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.17 19:33:11 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.06 17:14:01 | 001,290,360 | ---- | M] () -- C:\Users\***\Documents\IMG_01112011_182437.png
[2011.11.05 17:47:32 | 000,182,687 | ---- | M] () -- C:\Users\***\Documents\IMG_05112011_174657.png
 
========== Files Created - No Company Name ==========
 
[2011.11.27 08:48:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.24 16:44:22 | 000,001,009 | ---- | C] () -- C:\Users\***\Desktop\TrojanHunter.lnk
[2011.11.24 16:44:01 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.11.22 17:56:16 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.22 09:31:58 | 035,967,060 | ---- | C] () -- C:\Users\***\Desktop\minecraft-world1-010.zip
[2011.11.22 07:42:46 | 001,287,168 | ---- | C] () -- C:\Users\***\Desktop\TileMaster.exe
[2011.11.20 17:44:26 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 17:13:38 | 001,290,360 | ---- | C] () -- C:\Users\Patrick\Documents\IMG_01112011_182437.png
[2011.11.05 17:47:25 | 000,182,687 | ---- | C] () -- C:\Users\Patrick\Documents\IMG_05112011_174657.png
[2011.07.28 15:29:30 | 000,003,584 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.16 22:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.26 16:02:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.23 17:08:40 | 000,000,807 | ---- | C] () -- C:\Windows\Ssc.INI
[2010.12.31 15:20:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2010.12.26 18:58:54 | 000,033,134 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.12.24 21:24:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.15 14:41:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.15 14:38:50 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.05.14 05:18:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.05.14 05:18:13 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.05.14 05:18:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.05.14 05:18:13 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.14 05:18:12 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.05.14 05:18:11 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.14 04:51:58 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== Files - Unicode (All) ==========
[2011.07.17 21:37:03 | 004,138,996 | ---- | M] ()(C:\Users\***\Documents\ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\ROCKST★R Präsi Right!!.pptx
[2011.07.13 23:26:47 | 000,000,165 | -H-- | M] ()(C:\Users\***\Documents\~$ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\~$ROCKST★R Präsi Right!!.pptx
[2011.07.13 23:26:47 | 000,000,165 | -H-- | C] ()(C:\Users\***\Documents\~$ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\~$ROCKST★R Präsi Right!!.pptx
[2011.07.13 23:26:46 | 004,138,996 | ---- | C] ()(C:\Users\***\Documents\ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\ROCKST★R Präsi Right!!.pptx
[2011.07.13 18:34:17 | 003,670,111 | ---- | M] ()(C:\Users\***\Documents\ROCKST?R.pptx) -- C:\Users\***\Documents\ROCKST★R.pptx
[2011.07.11 21:42:22 | 003,670,111 | ---- | C] ()(C:\Users\***\Documents\ROCKST?R.pptx) -- C:\Users\***\Documents\ROCKST★R.pptx
[2011.07.11 21:41:52 | 001,724,293 | ---- | M] ()(C:\Users\***\Documents\ROCKST?R_Präsi.pptx) -- C:\Users\***\Documents\ROCKST★R_Präsi.pptx
[2011.07.11 19:22:20 | 001,724,293 | ---- | C] ()(C:\Users\***\Documents\ROCKST?R_Präsi.pptx) -- C:\Users\***\Documents\ROCKST★R_Präsi.pptx
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
--- --- ---

2.:OTL Logfile:
Code:
OTL Extras logfile created on: 27.11.2011 13:22:52 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 33,45% Memory free
7,35 Gb Paging File | 2,53 Gb Available in Paging File | 34,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,39 Gb Total Space | 149,02 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
Drive D: | 226,27 Gb Total Space | 225,73 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 688,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}" = FlatOut
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B43173-DC55-4616-B750-CB113A76C773}" = Atheros USB Wireless LAN Driver Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"Free_Lunch_Design_TB Toolbar" = Free Lunch Design TB Toolbar
"Guild Wars" = GUILD WARS
"Icy Tower v1.5_is1" = Icy Tower v1.5
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Knight Rider 2" = Knight Rider 2
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"MSC" = McAfee Internet Security Suite
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Productivity_2.1 Toolbar" = Productivity 2.1 Toolbar
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Supercar Street Challenge" = Supercar Street Challenge
"TrojanHunter_is1" = TrojanHunter 5.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab 3GP Converter" = FoxTab 3GP Converter
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2011 12:04:09 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.11.2011 12:04:09 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120
 
Error - 20.11.2011 12:04:09 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120
 
Error - 20.11.2011 12:04:10 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.11.2011 12:04:10 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4150
 
Error - 20.11.2011 12:04:10 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4150
 
Error - 20.11.2011 12:04:11 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.11.2011 12:04:11 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
 
Error - 20.11.2011 12:04:11 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
 
Error - 20.11.2011 12:04:12 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Media Center Events ]
Error - 10.08.2011 03:23:50 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 09:23:50 - Fehler beim Herstellen der Internetverbindung.  09:23:50
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.08.2011 03:24:13 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 09:23:55 - Fehler beim Herstellen der Internetverbindung.  09:23:55
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 18.08.2011 04:11:16 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 10:11:16 - Fehler beim Herstellen der Internetverbindung.  10:11:16
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 18.08.2011 04:11:25 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 10:11:21 - Fehler beim Herstellen der Internetverbindung.  10:11:21
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 20.08.2011 15:06:57 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 21:06:57 - Fehler beim Herstellen der Internetverbindung.  21:06:57
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 20.08.2011 15:10:51 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 21:07:12 - Fehler beim Herstellen der Internetverbindung.  21:07:12
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 20.08.2011 17:34:20 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 23:34:20 - Fehler beim Herstellen der Internetverbindung.  23:34:20
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 20.08.2011 17:34:27 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 23:34:25 - Fehler beim Herstellen der Internetverbindung.  23:34:25
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.08.2011 05:43:07 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 11:43:07 - Fehler beim Herstellen der Internetverbindung.  11:43:07
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.08.2011 12:56:20 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 18:54:26 - Fehler beim Herstellen der Internetverbindung.  18:54:26
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 21.11.2011 14:55:20 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 22.11.2011 14:44:44 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 22.11.2011 14:56:44 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 22.11.2011 15:29:14 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 24.11.2011 15:06:56 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 25.11.2011 11:29:28 | Computer Name = ***Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{22F55A73-6191-44B6-AA4B-2111A417CD9A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.11.2011 12:38:20 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 25.11.2011 14:59:11 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 26.11.2011 11:42:33 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
Error - 26.11.2011 12:36:13 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description =
 
 
< End of report >
--- --- ---

KingSkull 27.11.2011 16:15
Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8251

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.11.2011 15:52:40
mbam-log-2011-11-27 (15-52-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 360436
Laufzeit: 2 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter (Adware.InstallCore) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\foxtab3gpconverter\uninstall\uninstall.exe (Adware.InstallCore) -> Quarantined and deleted successfully.

TDSS:
13:29:52.0278 11516 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:29:54.0280 11516 ============================================================
13:29:54.0280 11516 Current date / time: 2011/11/27 13:29:54.0280
13:29:54.0280 11516 SystemInfo:
13:29:54.0280 11516
13:29:54.0281 11516 OS Version: 6.1.7600 ServicePack: 0.0
13:29:54.0281 11516 Product type: Workstation
13:29:54.0281 11516 ComputerName: ***LAPTOP
13:29:54.0281 11516 UserName: Patrick
13:29:54.0281 11516 Windows directory: C:\Windows
13:29:54.0281 11516 System windows directory: C:\Windows
13:29:54.0281 11516 Running under WOW64
13:29:54.0281 11516 Processor architecture: Intel x64
13:29:54.0281 11516 Number of processors: 4
13:29:54.0281 11516 Page size: 0x1000
13:29:54.0281 11516 Boot type: Normal boot
13:29:54.0281 11516 ============================================================
13:29:56.0549 11516 Initialize success
13:30:04.0438 9968 ============================================================
13:30:04.0438 9968 Scan started
13:30:04.0438 9968 Mode: Manual;
13:30:04.0438 9968 ============================================================
13:30:06.0073 9968 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:30:06.0076 9968 1394ohci - ok
13:30:06.0424 9968 acedrv07 (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys
13:30:06.0426 9968 acedrv07 - ok
13:30:06.0651 9968 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:30:06.0655 9968 ACPI - ok
13:30:06.0892 9968 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:30:06.0893 9968 AcpiPmi - ok
13:30:07.0196 9968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:30:07.0203 9968 adp94xx - ok
13:30:07.0438 9968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:30:07.0447 9968 adpahci - ok
13:30:07.0586 9968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:30:07.0592 9968 adpu320 - ok
13:30:07.0805 9968 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:30:07.0811 9968 AFD - ok
13:30:07.0978 9968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:30:07.0979 9968 agp440 - ok
13:30:08.0156 9968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:30:08.0169 9968 aliide - ok
13:30:08.0323 9968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:30:08.0324 9968 amdide - ok
13:30:08.0680 9968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:30:08.0682 9968 AmdK8 - ok
13:30:09.0251 9968 amdkmdag (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
13:30:09.0622 9968 amdkmdag - ok
13:30:09.0888 9968 amdkmdap (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
13:30:09.0891 9968 amdkmdap - ok
13:30:10.0205 9968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:30:10.0206 9968 AmdPPM - ok
13:30:10.0493 9968 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:30:10.0495 9968 amdsata - ok
13:30:10.0890 9968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:30:10.0895 9968 amdsbs - ok
13:30:11.0411 9968 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:30:11.0413 9968 amdxata - ok
13:30:11.0824 9968 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
13:30:11.0826 9968 AmUStor - ok
13:30:12.0336 9968 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:30:12.0338 9968 AppID - ok
13:30:12.0673 9968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:30:12.0675 9968 arc - ok
13:30:13.0031 9968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:30:13.0033 9968 arcsas - ok
13:30:13.0487 9968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:13.0488 9968 AsyncMac - ok
13:30:13.0939 9968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:30:13.0940 9968 atapi - ok
13:30:14.0474 9968 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
13:30:14.0530 9968 athr - ok
13:30:14.0949 9968 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
13:30:14.0951 9968 AtiHdmiService - ok
13:30:15.0426 9968 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:30:15.0428 9968 avgntflt - ok
13:30:15.0931 9968 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
13:30:15.0933 9968 avipbb - ok
13:30:16.0253 9968 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:30:16.0254 9968 avkmgr - ok
13:30:16.0819 9968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:30:16.0826 9968 b06bdrv - ok
13:30:17.0356 9968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:30:17.0359 9968 b57nd60a - ok
13:30:18.0034 9968 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:30:18.0102 9968 BCM43XX - ok
13:30:18.0632 9968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:30:18.0633 9968 Beep - ok
13:30:19.0137 9968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:30:19.0139 9968 blbdrive - ok
13:30:19.0791 9968 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:30:19.0793 9968 bowser - ok
13:30:20.0213 9968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:30:20.0215 9968 BrFiltLo - ok
13:30:20.0569 9968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:30:20.0591 9968 BrFiltUp - ok
13:30:21.0169 9968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:30:21.0173 9968 Brserid - ok
13:30:21.0903 9968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:30:21.0904 9968 BrSerWdm - ok
13:30:22.0370 9968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:30:22.0372 9968 BrUsbMdm - ok
13:30:22.0981 9968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:30:23.0005 9968 BrUsbSer - ok
13:30:23.0504 9968 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:30:23.0506 9968 BthEnum - ok
13:30:24.0127 9968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:30:24.0130 9968 BTHMODEM - ok
13:30:25.0379 9968 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:30:25.0382 9968 BthPan - ok
13:30:26.0407 9968 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
13:30:26.0454 9968 BTHPORT - ok
13:30:27.0376 9968 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
13:30:27.0378 9968 BTHUSB - ok
13:30:29.0060 9968 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
13:30:29.0062 9968 btwampfl - ok
13:30:29.0571 9968 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
13:30:29.0573 9968 btwaudio - ok
13:30:30.0410 9968 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
13:30:30.0412 9968 btwavdt - ok
13:30:30.0961 9968 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:30:30.0962 9968 btwl2cap - ok
13:30:31.0502 9968 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
13:30:31.0504 9968 btwrchid - ok
13:30:32.0115 9968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:30:32.0117 9968 cdfs - ok
13:30:32.0495 9968 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:30:32.0498 9968 cdrom - ok
13:30:33.0381 9968 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
13:30:33.0383 9968 cfwids - ok
13:30:33.0725 9968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:30:33.0726 9968 circlass - ok
13:30:33.0962 9968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:30:33.0966 9968 CLFS - ok
13:30:34.0622 9968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:30:34.0623 9968 CmBatt - ok
13:30:35.0028 9968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:30:35.0030 9968 cmdide - ok
13:30:35.0706 9968 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:30:35.0711 9968 CNG - ok
13:30:36.0282 9968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:30:36.0283 9968 Compbatt - ok
13:30:36.0794 9968 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:30:36.0796 9968 CompositeBus - ok
13:30:37.0432 9968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:30:37.0433 9968 crcdisk - ok
13:30:38.0038 9968 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:30:38.0040 9968 DfsC - ok
13:30:38.0573 9968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:30:38.0575 9968 discache - ok
13:30:39.0242 9968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:30:39.0244 9968 Disk - ok
13:30:39.0552 9968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:30:39.0554 9968 drmkaud - ok
13:30:40.0560 9968 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
13:30:40.0604 9968 DXGKrnl - ok
13:30:41.0414 9968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:30:41.0691 9968 ebdrv - ok
13:30:42.0225 9968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:30:42.0260 9968 elxstor - ok
13:30:42.0757 9968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:30:42.0758 9968 ErrDev - ok
13:30:43.0213 9968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:30:43.0216 9968 exfat - ok
13:30:43.0483 9968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:30:43.0494 9968 fastfat - ok
13:30:44.0160 9968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:30:44.0162 9968 fdc - ok
13:30:44.0801 9968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:30:44.0803 9968 FileInfo - ok
13:30:45.0212 9968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:30:45.0214 9968 Filetrace - ok
13:30:45.0709 9968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:30:45.0710 9968 flpydisk - ok
13:30:46.0089 9968 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:30:46.0093 9968 FltMgr - ok
13:30:46.0546 9968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:30:46.0548 9968 FsDepends - ok
13:30:47.0035 9968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:30:47.0036 9968 Fs_Rec - ok
13:30:47.0652 9968 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:30:47.0655 9968 fvevol - ok
13:30:48.0096 9968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:30:48.0098 9968 gagp30kx - ok
13:30:48.0710 9968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:30:48.0712 9968 GEARAspiWDM - ok
13:30:49.0430 9968 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:30:49.0433 9968 hamachi - ok
13:30:49.0998 9968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:30:49.0999 9968 hcw85cir - ok
13:30:50.0579 9968 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:30:50.0584 9968 HdAudAddService - ok
13:30:51.0059 9968 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:30:51.0061 9968 HDAudBus - ok
13:30:51.0603 9968 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:30:51.0605 9968 HECIx64 - ok
13:30:51.0799 9968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:30:51.0801 9968 HidBatt - ok
13:30:52.0181 9968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:30:52.0183 9968 HidBth - ok
13:30:52.0528 9968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:30:52.0529 9968 HidIr - ok
13:30:52.0860 9968 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:30:52.0861 9968 HidUsb - ok
13:30:53.0387 9968 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:30:53.0389 9968 HpSAMD - ok
13:30:54.0123 9968 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:30:54.0143 9968 HTTP - ok
13:30:54.0494 9968 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:30:54.0495 9968 hwpolicy - ok
13:30:54.0893 9968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:30:54.0895 9968 i8042prt - ok
13:30:55.0396 9968 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
13:30:55.0401 9968 iaStor - ok
13:30:56.0057 9968 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:30:56.0088 9968 iaStorV - ok
13:30:56.0380 9968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:30:56.0383 9968 iirsp - ok
13:30:56.0910 9968 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
13:30:57.0376 9968 IntcAzAudAddService - ok
13:30:57.0836 9968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:30:57.0838 9968 intelide - ok
13:30:58.0813 9968 intelkmd (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys
13:30:59.0005 9968 intelkmd - ok
13:30:59.0202 9968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:30:59.0204 9968 intelppm - ok
13:30:59.0340 9968 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:30:59.0342 9968 IpFilterDriver - ok
13:30:59.0631 9968 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:30:59.0633 9968 IPMIDRV - ok
13:31:00.0210 9968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:31:00.0212 9968 IPNAT - ok
13:31:00.0704 9968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:31:00.0725 9968 IRENUM - ok
13:31:01.0001 9968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:31:01.0003 9968 isapnp - ok
13:31:01.0487 9968 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:31:01.0491 9968 iScsiPrt - ok
13:31:01.0893 9968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:01.0894 9968 kbdclass - ok
13:31:02.0236 9968 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:02.0268 9968 kbdhid - ok
13:31:02.0596 9968 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:31:02.0606 9968 KSecDD - ok
13:31:03.0332 9968 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
13:31:03.0335 9968 KSecPkg - ok
13:31:03.0915 9968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:31:03.0937 9968 ksthunk - ok
13:31:04.0300 9968 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:31:04.0302 9968 L1C - ok
13:31:04.0652 9968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:31:04.0654 9968 lltdio - ok
13:31:05.0148 9968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:31:05.0150 9968 LSI_FC - ok
13:31:05.0368 9968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:31:05.0370 9968 LSI_SAS - ok
13:31:05.0769 9968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:31:05.0771 9968 LSI_SAS2 - ok
13:31:06.0206 9968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:31:06.0208 9968 LSI_SCSI - ok
13:31:06.0844 9968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:31:06.0847 9968 luafv - ok
13:31:07.0455 9968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:31:07.0465 9968 megasas - ok
13:31:07.0762 9968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:31:07.0766 9968 MegaSR - ok
13:31:08.0070 9968 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
13:31:08.0073 9968 mfeapfk - ok
13:31:08.0414 9968 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
13:31:08.0416 9968 mfeavfk - ok
13:31:08.0672 9968 mfeavfk01 - ok
13:31:09.0224 9968 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
13:31:09.0256 9968 mfefirek - ok
13:31:09.0655 9968 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
13:31:09.0662 9968 mfehidk - ok
13:31:10.0180 9968 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
13:31:10.0182 9968 mfenlfk - ok
13:31:10.0440 9968 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
13:31:10.0442 9968 mferkdet - ok
13:31:10.0822 9968 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
13:31:10.0877 9968 mfewfpk - ok
13:31:11.0242 9968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:31:11.0243 9968 Modem - ok
13:31:11.0674 9968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:31:11.0675 9968 monitor - ok
13:31:12.0020 9968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:31:12.0022 9968 mouclass - ok
13:31:12.0531 9968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:31:12.0533 9968 mouhid - ok
13:31:13.0190 9968 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:31:13.0209 9968 mountmgr - ok
13:31:13.0529 9968 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:31:13.0531 9968 mpio - ok
13:31:13.0846 9968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:31:13.0847 9968 mpsdrv - ok
13:31:14.0232 9968 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:31:14.0235 9968 MRxDAV - ok
13:31:14.0595 9968 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:14.0598 9968 mrxsmb - ok
13:31:14.0992 9968 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:15.0036 9968 mrxsmb10 - ok
13:31:15.0314 9968 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:15.0317 9968 mrxsmb20 - ok
13:31:15.0809 9968 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:31:15.0810 9968 msahci - ok
13:31:16.0438 9968 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:31:16.0460 9968 msdsm - ok
13:31:16.0957 9968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:31:16.0960 9968 Msfs - ok
13:31:17.0260 9968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:31:17.0261 9968 mshidkmdf - ok
13:31:17.0526 9968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:31:17.0528 9968 msisadrv - ok
13:31:17.0942 9968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:31:17.0944 9968 MSKSSRV - ok
13:31:18.0331 9968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:18.0333 9968 MSPCLOCK - ok
13:31:18.0620 9968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:31:18.0626 9968 MSPQM - ok
13:31:19.0064 9968 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:31:19.0083 9968 MsRPC - ok
13:31:19.0351 9968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:19.0353 9968 mssmbios - ok
13:31:19.0586 9968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:31:19.0587 9968 MSTEE - ok
13:31:19.0876 9968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:31:19.0877 9968 MTConfig - ok
13:31:20.0176 9968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:31:20.0187 9968 Mup - ok
13:31:20.0491 9968 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:31:20.0493 9968 mwlPSDFilter - ok
13:31:20.0939 9968 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:31:20.0941 9968 mwlPSDNServ - ok
13:31:21.0267 9968 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:31:21.0269 9968 mwlPSDVDisk - ok
13:31:21.0687 9968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:31:21.0692 9968 NativeWifiP - ok
13:31:22.0391 9968 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:31:22.0402 9968 NDIS - ok
13:31:22.0835 9968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:31:22.0837 9968 NdisCap - ok
13:31:23.0141 9968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:23.0143 9968 NdisTapi - ok
13:31:23.0554 9968 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:23.0555 9968 Ndisuio - ok
13:31:23.0837 9968 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:23.0839 9968 NdisWan - ok
13:31:24.0132 9968 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:31:24.0133 9968 NDProxy - ok
13:31:24.0466 9968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:31:24.0467 9968 NetBIOS - ok
13:31:24.0873 9968 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:31:24.0877 9968 NetBT - ok
13:31:25.0139 9968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:31:25.0141 9968 nfrd960 - ok
13:31:25.0477 9968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:31:25.0480 9968 Npfs - ok
13:31:26.0011 9968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:31:26.0012 9968 nsiproxy - ok
13:31:26.0431 9968 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:31:26.0449 9968 Ntfs - ok
13:31:26.0814 9968 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
13:31:26.0816 9968 NTIDrvr - ok
13:31:27.0183 9968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:31:27.0185 9968 Null - ok
13:31:27.0587 9968 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:31:27.0589 9968 nvraid - ok
13:31:27.0885 9968 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:31:27.0887 9968 nvstor - ok
13:31:28.0223 9968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:31:28.0225 9968 nv_agp - ok
13:31:28.0517 9968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:31:28.0518 9968 ohci1394 - ok
13:31:28.0957 9968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:31:28.0959 9968 Parport - ok
13:31:29.0293 9968 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:31:29.0295 9968 partmgr - ok
13:31:29.0569 9968 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:31:29.0572 9968 pci - ok
13:31:29.0829 9968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:31:29.0830 9968 pciide - ok
13:31:30.0249 9968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:31:30.0284 9968 pcmcia - ok
13:31:30.0779 9968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:31:30.0781 9968 pcw - ok
13:31:30.0955 9968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:31:30.0963 9968 PEAUTH - ok
13:31:31.0483 9968 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:31:31.0485 9968 PptpMiniport - ok
13:31:31.0765 9968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:31:31.0766 9968 Processor - ok
13:31:32.0036 9968 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:31:32.0038 9968 Psched - ok
13:31:32.0421 9968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:31:32.0477 9968 ql2300 - ok
13:31:32.0742 9968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:31:32.0745 9968 ql40xx - ok
13:31:33.0115 9968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:31:33.0116 9968 QWAVEdrv - ok
13:31:33.0375 9968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:31:33.0377 9968 RasAcd - ok
13:31:33.0782 9968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:31:33.0784 9968 RasAgileVpn - ok
13:31:34.0117 9968 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:34.0119 9968 Rasl2tp - ok
13:31:34.0502 9968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:34.0505 9968 RasPppoe - ok
13:31:34.0762 9968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:31:34.0767 9968 RasSstp - ok
13:31:35.0189 9968 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:31:35.0193 9968 rdbss - ok
13:31:35.0503 9968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:31:35.0504 9968 rdpbus - ok
13:31:35.0798 9968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:35.0799 9968 RDPCDD - ok
13:31:36.0156 9968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:31:36.0158 9968 RDPENCDD - ok
13:31:36.0669 9968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:31:36.0671 9968 RDPREFMP - ok
13:31:37.0007 9968 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:31:37.0010 9968 RDPWD - ok
13:31:37.0403 9968 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:31:37.0421 9968 rdyboost - ok
13:31:37.0834 9968 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:31:37.0836 9968 RFCOMM - ok
13:31:38.0148 9968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:31:38.0150 9968 rspndr - ok
13:31:38.0529 9968 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:31:38.0532 9968 sbp2port - ok
13:31:38.0790 9968 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:31:38.0792 9968 scfilter - ok
13:31:39.0148 9968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:31:39.0150 9968 secdrv - ok
13:31:39.0524 9968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:31:39.0526 9968 Serenum - ok
13:31:40.0138 9968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:31:40.0140 9968 Serial - ok
13:31:40.0538 9968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:31:40.0540 9968 sermouse - ok
13:31:41.0008 9968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:31:41.0010 9968 sffdisk - ok
13:31:41.0232 9968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:31:41.0234 9968 sffp_mmc - ok
13:31:41.0580 9968 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:31:41.0581 9968 sffp_sd - ok
13:31:41.0751 9968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:31:41.0753 9968 sfloppy - ok
13:31:42.0009 9968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:31:42.0019 9968 SiSRaid2 - ok
13:31:42.0243 9968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:31:42.0245 9968 SiSRaid4 - ok
13:31:42.0613 9968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:31:42.0615 9968 Smb - ok
13:31:42.0976 9968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:31:42.0978 9968 spldr - ok
13:31:43.0504 9968 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:31:43.0555 9968 srv - ok
13:31:43.0990 9968 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:31:44.0169 9968 srv2 - ok
13:31:44.0549 9968 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:31:44.0551 9968 srvnet - ok
13:31:44.0817 9968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:31:44.0818 9968 stexstor - ok
13:31:45.0100 9968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:31:45.0102 9968 swenum - ok
13:31:45.0736 9968 SynTP (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
13:31:45.0740 9968 SynTP - ok
13:31:46.0381 9968 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
13:31:46.0433 9968 Tcpip - ok
13:31:47.0038 9968 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
13:31:47.0084 9968 TCPIP6 - ok
13:31:47.0343 9968 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:31:47.0344 9968 tcpipreg - ok
13:31:47.0604 9968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:31:47.0606 9968 TDPIPE - ok
13:31:47.0826 9968 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:31:47.0828 9968 TDTCP - ok
13:31:48.0122 9968 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:31:48.0125 9968 tdx - ok
13:31:48.0667 9968 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:31:48.0669 9968 TermDD - ok
13:31:48.0901 9968 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:31:48.0904 9968 tssecsrv - ok
13:31:49.0204 9968 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:31:49.0207 9968 tunnel - ok
13:31:49.0459 9968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:31:49.0462 9968 uagp35 - ok
13:31:49.0782 9968 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
13:31:49.0784 9968 UBHelper - ok
13:31:50.0246 9968 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:31:50.0251 9968 udfs - ok
13:31:50.0636 9968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:31:50.0638 9968 uliagpkx - ok
13:31:50.0905 9968 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:31:50.0907 9968 umbus - ok
13:31:51.0204 9968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:31:51.0205 9968 UmPass - ok
13:31:51.0493 9968 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:31:51.0495 9968 USBAAPL64 - ok
13:31:51.0983 9968 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
13:31:51.0985 9968 usbccgp - ok
13:31:52.0176 9968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:31:52.0178 9968 usbcir - ok
13:31:52.0469 9968 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
13:31:52.0471 9968 usbehci - ok
13:31:52.0940 9968 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
13:31:52.0994 9968 usbhub - ok
13:31:53.0295 9968 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
13:31:53.0297 9968 usbohci - ok
13:31:53.0555 9968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:31:53.0557 9968 usbprint - ok
13:31:53.0872 9968 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:31:53.0874 9968 USBSTOR - ok
13:31:54.0222 9968 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
13:31:54.0224 9968 usbuhci - ok
13:31:54.0627 9968 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:31:54.0630 9968 usbvideo - ok
13:31:55.0122 9968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:31:55.0124 9968 vdrvroot - ok
13:31:55.0478 9968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:31:55.0479 9968 vga - ok
13:31:55.0900 9968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:31:55.0902 9968 VgaSave - ok
13:31:56.0262 9968 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:31:56.0265 9968 vhdmp - ok
13:31:56.0573 9968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:31:56.0580 9968 viaide - ok
13:31:56.0842 9968 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:31:56.0844 9968 volmgr - ok
13:31:57.0093 9968 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:31:57.0098 9968 volmgrx - ok
13:31:57.0463 9968 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:31:57.0468 9968 volsnap - ok
13:31:57.0800 9968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:31:57.0803 9968 vsmraid - ok
13:31:58.0135 9968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:31:58.0137 9968 vwifibus - ok
13:31:58.0476 9968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:31:58.0489 9968 vwififlt - ok
13:31:58.0812 9968 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:31:58.0814 9968 vwifimp - ok
13:31:59.0113 9968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:31:59.0114 9968 WacomPen - ok
13:31:59.0542 9968 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:59.0550 9968 WANARP - ok
13:31:59.0620 9968 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:59.0621 9968 Wanarpv6 - ok
13:31:59.0979 9968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:31:59.0982 9968 Wd - ok
13:32:00.0249 9968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:32:00.0257 9968 Wdf01000 - ok
13:32:00.0548 9968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:00.0549 9968 WfpLwf - ok
13:32:00.0836 9968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:32:00.0838 9968 WIMMount - ok
13:32:01.0230 9968 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:01.0232 9968 WinUsb - ok
13:32:01.0489 9968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:32:01.0490 9968 WmiAcpi - ok
13:32:01.0822 9968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:32:01.0824 9968 ws2ifsl - ok
13:32:02.0235 9968 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:32:02.0237 9968 WudfPf - ok
13:32:02.0465 9968 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:02.0469 9968 WUDFRd - ok
13:32:02.0577 9968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:32:02.0604 9968 \Device\Harddisk0\DR0 - ok
13:32:02.0606 9968 Boot (0x1200) (837d64a5a2b8be1889f00de22681a90e) \Device\Harddisk0\DR0\Partition0
13:32:02.0607 9968 \Device\Harddisk0\DR0\Partition0 - ok
13:32:02.0630 9968 Boot (0x1200) (727fdee3706a6154be0c1780182cf823) \Device\Harddisk0\DR0\Partition1
13:32:02.0631 9968 \Device\Harddisk0\DR0\Partition1 - ok
13:32:02.0683 9968 Boot (0x1200) (0b7b7ae9a5e566fad94852efe0cb9e59) \Device\Harddisk0\DR0\Partition2
13:32:02.0685 9968 \Device\Harddisk0\DR0\Partition2 - ok
13:32:02.0685 9968 ============================================================
13:32:02.0685 9968 Scan finished
13:32:02.0685 9968 ============================================================
13:32:02.0691 12416 Detected object count: 0
13:32:02.0691 12416 Actual detected object count: 0

Chris4You 27.11.2011 18:53
Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\ProgramData\FullRemove.exe
C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Acer.exe
C:\Users\Patrick\AppData\Local\Temp\FUJIFILM\Updater\terminate.exe
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:
:OTL
C:\WINDOWS\system32\5035\components\AcroFF0356.dll
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

MBR noch prüfen...
MBR-Rootkit
Lade den MBR-Rootkitscanner von Gmer auf Deine Bootplatte:
http://www2.gmer.net/mbr/mbr.exe
Merke Dir das Verzeichnis wo Du ihn runtergeladen hast;
Start->Ausführen->cmd
Wechsle in das Verzeichnis des Downloads und starte durch Eingabe
von mbr das Programm...
Achtung! Vista und Win7-User müssen mbr.exe als "Administrator"
ausführen. Dazu muss die Console mit Adminrechten ausgestattet sein,
am Besten einen Link auf dem Desktop wie folgt erstellen:
Rechtsklick auf den Desktop, Neu-Verknüpfung erstellen, Ziel:
C:\Windows\System32\cmd.exe Name eingeben, Fertig.
Dann Rechtsklick auf die neu erstellte Verknüpfung und "Ausführen als
Administrator" auswählen, UAC und wie oben beschrieben in das
Verzeichnis wechseln und mbr.exe starten.

chris

KingSkull 27.11.2011 19:27
Paar fragen :s

also: versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!) hab ich gemacht, aber bei Virustotal, meinst du den search-button? weil wenn ich da das reinkopiert hab, kamen nur irgendwelche beiträge oder sowas...

Dann das mit OTL: Soll ich den Ordner erstellen, denn so einen Ordner gibt es bei mir nicht-.-

Und dann das mit GMER:
Wie gesagt ich bin unerfahren: Was ist die Bootplatte?

Nochmal danke für die viele Geduld mit mir ;)

Chris4You 28.11.2011 07:52
Hi,

bei virustotal entweder über den Button "suchen" zu den Files (eines nach dem anderen) navigieren, hochladen und prüfen lassen, oder den kompletten Filename (z. B. C:\ProgramData\FullRemove.exe) mit Pfad in das Eingeabefeld kopieren...

OTL:
Du meinst diesen Pfad: %systemroot%\_OTL. Den legt OTL automatisch an, %systemroot% wird automatisch aufgelöst zu C:\windows oder wo Du sonst Dein Windowssystem installiert hast.

BootPlatte:
FEstplatte wo das Betriebssystem liegt (Windows) und dessen MBR (MasterBootBlock) zum (Nach-)Laden des Betriebssystem verwendet wird...
Dürfte C: sein...

chris

KingSkull 28.11.2011 15:14
nr.1:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: FullRemove.exe
Submission date: 2011-11-28 13:36:12 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.11.27.00 2011.11.27 -
AntiVir 7.11.18.87 2011.11.28 -
Antiy-AVL 2.0.3.7 2011.11.28 -
Avast 6.0.1289.0 2011.11.28 -
AVG 10.0.0.1190 2011.11.28 -
BitDefender 7.2 2011.11.28 -
ByteHero 1.0.0.1 2011.11.14 -
CAT-QuickHeal 12.00 2011.11.28 -
ClamAV 0.97.3.0 2011.11.28 -
Commtouch 5.3.2.6 2011.11.28 -
Comodo 10791 2011.11.27 -
DrWeb 5.0.2.03300 2011.11.28 -
Emsisoft 5.1.0.11 2011.11.28 -
eSafe 7.0.17.0 2011.11.27 -
eTrust-Vet 37.0.9590 2011.11.28 -
F-Prot 4.6.5.141 2011.11.27 -
F-Secure 9.0.16440.0 2011.11.28 -
Fortinet 4.3.370.0 2011.11.27 -
GData 22.289/22.535 2011.11.28 -
Ikarus T3.1.1.109.0 2011.11.28 -
Jiangmin 13.0.900 2011.11.27 -
K7AntiVirus 9.119.5542 2011.11.25 -
Kaspersky 9.0.0.837 2011.11.28 -
McAfee 5.400.0.1158 2011.11.28 -
McAfee-GW-Edition 2010.1D 2011.11.28 -
Microsoft 1.7801 2011.11.28 -
NOD32 6666 2011.11.28 -
Norman 6.07.13 2011.11.28 -
nProtect 2011-11-28.02 2011.11.28 -
Panda 10.0.3.5 2011.11.27 -
PCTools 8.0.0.5 2011.11.28 -
Prevx 3.0 2011.11.28 -
Rising 23.86.00.01 2011.11.28 -
Sophos 4.71.0 2011.11.28 -
SUPERAntiSpyware 4.40.0.1006 2011.11.26 -
Symantec 20111.2.0.82 2011.11.28 -
TheHacker 6.7.0.1.350 2011.11.27 -
TrendMicro 9.500.0.1008 2011.11.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 -
VBA32 3.12.16.4 2011.11.28 -
VIPRE 11169 2011.11.28 -
ViRobot 2011.11.28.4797 2011.11.28 -
VirusBuster 14.1.88.0 2011.11.28 -
Additional informationShow all
MD5 : 6acbd475647d7a160657cb3e460f0f35
SHA1 : 9cb602e7fe4ccbbc30bd8aa242ed6082f06f13e4
SHA256: 0491aeac13250fc36ecc8d875884665143c194a89c5f6a42001034bc068cec28

nr.2:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: OnlineBackupARASetup-Acer.exe
Submission date: 2011-11-28 13:49:42 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.11.27.00 2011.11.27 -
AntiVir 7.11.18.87 2011.11.28 -
Antiy-AVL 2.0.3.7 2011.11.28 -
Avast 6.0.1289.0 2011.11.28 -
AVG 10.0.0.1190 2011.11.28 -
BitDefender 7.2 2011.11.28 -
ByteHero 1.0.0.1 2011.11.14 -
CAT-QuickHeal 12.00 2011.11.28 -
ClamAV 0.97.3.0 2011.11.28 -
Commtouch 5.3.2.6 2011.11.28 -
Comodo 10791 2011.11.27 -
DrWeb 5.0.2.03300 2011.11.28 -
Emsisoft 5.1.0.11 2011.11.28 -
eSafe 7.0.17.0 2011.11.27 -
eTrust-Vet 37.0.9590 2011.11.28 -
F-Prot 4.6.5.141 2011.11.27 -
F-Secure 9.0.16440.0 2011.11.28 -
Fortinet 4.3.370.0 2011.11.27 -
GData 22 2011.11.28 -
Ikarus T3.1.1.109.0 2011.11.28 -
Jiangmin 13.0.900 2011.11.27 -
K7AntiVirus 9.119.5542 2011.11.25 -
Kaspersky 9.0.0.837 2011.11.28 -
McAfee 5.400.0.1158 2011.11.28 -
McAfee-GW-Edition 2010.1D 2011.11.28 -
Microsoft 1.7801 2011.11.28 -
NOD32 6666 2011.11.28 -
Norman 6.07.13 2011.11.28 -
nProtect 2011-11-28.02 2011.11.28 -
Panda 10.0.3.5 2011.11.27 -
PCTools 8.0.0.5 2011.11.28 -
Prevx 3.0 2011.11.28 -
Rising 23.86.00.01 2011.11.28 -
Sophos 4.71.0 2011.11.28 -
SUPERAntiSpyware 4.40.0.1006 2011.11.26 -
Symantec 20111.2.0.82 2011.11.28 -
TheHacker 6.7.0.1.350 2011.11.27 -
TrendMicro 9.500.0.1008 2011.11.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 -
VBA32 3.12.16.4 2011.11.28 -
VIPRE 11169 2011.11.28 -
ViRobot 2011.11.28.4797 2011.11.28 -
VirusBuster 14.1.88.0 2011.11.28 -
Additional informationShow all
MD5 : 281bf795ce5570d5404a718b9ae05794
SHA1 : 0e2e57f472947890296a94d904ba826294fe7387
SHA256: 36a9c78a4286a490ab898294d84a3295d53c42b0f7fc10360964ab64357cbcf0

und nr.3:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: terminate.exe
Submission date: 2011-11-28 13:58:29 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.11.27.00 2011.11.27 -
AntiVir 7.11.18.87 2011.11.28 -
Antiy-AVL 2.0.3.7 2011.11.28 -
Avast 6.0.1289.0 2011.11.28 -
AVG 10.0.0.1190 2011.11.28 -
BitDefender 7.2 2011.11.28 -
ByteHero 1.0.0.1 2011.11.14 -
CAT-QuickHeal 12.00 2011.11.28 -
ClamAV 0.97.3.0 2011.11.28 -
Commtouch 5.3.2.6 2011.11.28 -
Comodo 10780 None.. -
DrWeb 5.0.2.03300 2011.11.28 -
Emsisoft 5.1.0.11 2011.11.28 -
eSafe 7.0.17.0 2011.11.27 -
eTrust-Vet 37.0.9590 2011.11.28 -
F-Prot 4.6.5.141 2011.11.27 -
F-Secure 9.0.16440.0 2011.11.28 -
Fortinet 4.3.370.0 2011.11.27 -
GData 22 2011.11.28 -
Ikarus T3.1.1.109.0 2011.11.28 -
Jiangmin 13.0.900 2011.11.27 -
K7AntiVirus 9.119.5542 2011.11.25 -
Kaspersky 9.0.0.837 2011.11.28 -
McAfee 5.400.0.1158 2011.11.28 -
McAfee-GW-Edition 2010.1D 2011.11.28 -
Microsoft 1.7801 2011.11.28 -
NOD32 6666 2011.11.28 -
Norman 6.07.13 2011.11.28 -
nProtect 2011-11-28.02 2011.11.28 -
Panda 10.0.3.5 2011.11.27 -
PCTools 8.0.0.5 2011.11.28 -
Prevx 3.0 2011.11.28 -
Rising 23.86.00.01 2011.11.28 -
Sophos 4.71.0 2011.11.28 -
SUPERAntiSpyware 4.40.0.1006 2011.11.26 -
Symantec 20111.2.0.82 2011.11.28 -
TheHacker 6.7.0.1.350 2011.11.27 -
TrendMicro 9.500.0.1008 2011.11.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 -
VBA32 3.12.16.4 2011.11.28 -
VIPRE 11169 2011.11.28 -
ViRobot 2011.11.28.4797 2011.11.28 -
VirusBuster 14.1.88.0 2011.11.28 -
Additional informationShow all
MD5 : 6f23b2f9714b23498278876d45d1bfab
SHA1 : 226322f928538017cb3e7eb1a13447c265e9ba00
SHA256: 13c4423a5856796eaefeadb060a46988b37eea7736aa0c807d7054d0474cb117

okay, alles andere was du gesagt hast, habe ich gemacht (geht bei OTL als textdatei word, oder soll ich editor nehmen, hab jz mal word genommen..)

Die mbr.exe hat sich von selbst dann wieder geschlossen, hoffe ich hab alles richtig gemacht.

lg

Chris4You 29.11.2011 07:24
Hi,

texteditor genügt...

In dem Verzeichnis wo mbr.exe liegt findest Du das Log,
poste es im Thread;

chris

KingSkull 29.11.2011 16:37
okay, habs zum textdokument gemacht und das ist der mbr-log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read Das Handle ist ungültig.
kernel: error reading MBR

LG

Chris4You 30.11.2011 07:29
Hi,

bitte MBRCheck unter Adminrechten ausführen...
  • Vista und Win7 User mit Rechtsklick "als Administrator starten"

chris

KingSkull 30.11.2011 14:52
hab ich :/


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read Das Handle ist ungültig.
kernel: error reading MBR

Chris4You 30.11.2011 15:43
Hallo,

bitte aswMBR.exe (http://filepony.de/download-aswmbr/) downloaden.
Doppel-Klick auf aswMBR.exe machen, um das Programm (als Admin) zu starten. Scan-Button anklicken und prüfen lassen, Log speichern und posten...

chris

KingSkull 30.11.2011 15:50
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-30 15:48:13
-----------------------------
15:48:13.319 OS Version: Windows x64 6.1.7600
15:48:13.319 Number of processors: 4 586 0x2505
15:48:13.322 ComputerName: ***LAPTOP UserName: ***
15:48:16.001 Initialize success
15:48:50.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:48:50.542 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:48:50.586 Disk 0 MBR read successfully
15:48:50.589 Disk 0 MBR scan
15:48:50.592 Disk 0 Windows 7 default MBR code
15:48:50.595 Service scanning
15:49:01.864 Modules scanning
15:49:01.867 Disk 0 trace - called modules:
15:49:01.928 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
15:49:01.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ce8060]
15:49:01.937 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a14050]
15:49:01.941 Scan finished successfully
15:50:20.195 Disk 0 MBR has been saved successfully to "C:\Users\***\Downloads\MBR.dat"
15:50:20.196 The log file has been saved successfully to "C:\Users\***\Downloads\aswMBR.txt"

Chris4You 30.11.2011 16:32
Hi,

sieht ok aus, was treibt der REchner?

Gruß,
chris

KingSkull 30.11.2011 20:00
wie was treibt der rechner? :D

Chris4You 30.11.2011 20:04
Hi,

some strange behaviour?

Chris

KingSkull 30.11.2011 20:36
Im mom nicht ;)

Chris4You 30.11.2011 20:43
Hi,

ok, nicht sonst auffälliges zu finden...

chris

KingSkull 01.12.2011 06:57
eig nich ne :)

Chris4You 01.12.2011 07:32
Hi,

gut dann wären wir erstmal "durch"...

chris

KingSkull 01.12.2011 16:36
super!

was war also jz Sache, war was drauf?

und vielen vielen Dank für die professionelle Hilfe!

LG

KingSkull 02.12.2011 20:25
Noch was ganz wichtiges!

Also: Wenn ich jetzt in Facebook gehe, und ma 5min nicht reinguck, dann kommt immer diese meldung:

Oh nein!
Beim Anzeigen dieser Webseite ist ein Fehler aufgetreten. ...usw.

Dann hab ich mal n bissel geguckt, und da stand u.a dass ich den rechner auf malware überprüfen soll...
irritiert mich grad ein bissel...

LG

Chris4You 02.12.2011 21:59
Hi,

lass mich raten, es wurde aber wieder nichts von den scannern gefunden, oder...

Prüfen wir nochmal den Bootblock:
MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
  • Vista und Win7 User mit Rechtsklick "als Administrator starten (ggf. mit rechter mousetaste anklicken, "Als Admin" und "Comp. Modus XP" auswähle/ankreuzen)"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

chris

KingSkull 02.12.2011 22:25
Köntte ja auch einfach sein, dass der server überlastet war, oder das chrome bugt oder so..
hier is auf jedenfall das ergebnis:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 5820TG
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 205):
0x0320D000 \SystemRoot\system32\ntoskrnl.exe
0x037E9000 \SystemRoot\system32\hal.dll
0x00BBD000 \SystemRoot\system32\kdcom.dll
0x00C33000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C77000 \SystemRoot\system32\PSHED.dll
0x00C8B000 \SystemRoot\system32\CLFS.SYS
0x00CE9000 \SystemRoot\system32\CI.dll
0x00E0D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC0000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F17000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F20000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F2A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F5D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6A000 \SystemRoot\System32\drivers\partmgr.sys
0x00F7F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F88000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F94000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01082000 \SystemRoot\System32\drivers\volmgrx.sys
0x010DE000 \SystemRoot\System32\drivers\mountmgr.sys
0x01233000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0143D000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01446000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01470000 \SystemRoot\system32\drivers\amdxata.sys
0x0147B000 \SystemRoot\system32\drivers\fltmgr.sys
0x014C7000 \SystemRoot\system32\drivers\fileinfo.sys
0x014DB000 \SystemRoot\system32\drivers\mfehidk.sys
0x0163E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0155A000 \SystemRoot\System32\Drivers\msrpc.sys
0x017E0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010F8000 \SystemRoot\System32\Drivers\cng.sys
0x01600000 \SystemRoot\System32\drivers\pcw.sys
0x01611000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01879000 \SystemRoot\system32\drivers\ndis.sys
0x0196B000 \SystemRoot\system32\drivers\NETIO.SYS
0x019CB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A02000 \SystemRoot\System32\drivers\tcpip.sys
0x01800000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015B8000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0184A000 \SystemRoot\system32\drivers\TDI.SYS
0x01857000 \SystemRoot\system32\DRIVERS\wd.sys
0x0116B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0185F000 \SystemRoot\System32\Drivers\spldr.sys
0x011B7000 \SystemRoot\System32\drivers\rdyboost.sys
0x01867000 \SystemRoot\System32\Drivers\mup.sys
0x019F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0161B000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03EB4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03EDE000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x03EE7000 \SystemRoot\System32\Drivers\Null.SYS
0x03EF0000 \SystemRoot\System32\Drivers\Beep.SYS
0x03EF7000 \SystemRoot\System32\drivers\vga.sys
0x03F05000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03F2A000 \SystemRoot\System32\drivers\watchdog.sys
0x03F3A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03F43000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03F4C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03F55000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03F60000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03F71000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03F8F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03C00000 \SystemRoot\system32\drivers\afd.sys
0x03C89000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03FD4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01048000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03FDD000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0106E000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x011F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00FA9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x00DA9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03FF3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00FD8000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x01631000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x00FEB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x00C00000 \SystemRoot\System32\drivers\discache.sys
0x00C0F000 \SystemRoot\System32\Drivers\dfsc.sys
0x02E59000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02E6A000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x02E74000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x02E9A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02EC0000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A80000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x09018000 \SystemRoot\system32\DRIVERS\igdpmd64.sys
0x050EF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x09000000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04A46000 \SystemRoot\system32\drivers\usbehci.sys
0x02EF4000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04A57000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x051E3000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x0446D000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x0475C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04769000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04787000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04796000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x047E8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x047EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04400000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x04408000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x04410000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0441D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04426000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0442B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04441000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04451000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F4A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x099F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02F6E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02F9D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02FB8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FD9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02FF3000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x04467000 \SystemRoot\system32\DRIVERS\swenum.sys
0x02E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x02E43000 \SystemRoot\system32\DRIVERS\umbus.sys
0x054E2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0553C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A94000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05CD2000 \SystemRoot\system32\drivers\portcls.sys
0x05D0F000 \SystemRoot\system32\drivers\drmk.sys
0x05D31000 \SystemRoot\system32\drivers\ksthunk.sys
0x05D37000 \SystemRoot\system32\drivers\mfeavfk.sys
0x05D64000 \SystemRoot\system32\drivers\mfefirek.sys
0x05DCE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05A00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05A55000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x000D0000 \SystemRoot\System32\win32k.sys
0x05A6B000 \SystemRoot\System32\drivers\Dxapi.sys
0x05A77000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05DEB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C94000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05551000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x05572000 \SystemRoot\system32\drivers\luafv.sys
0x05595000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x055B5000 \SystemRoot\system32\drivers\WudfPf.sys
0x055D6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05400000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05453000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05466000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0547E000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x068F1000 \SystemRoot\system32\drivers\HTTP.sys
0x069B9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x069D7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0682D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0687B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0760F000 \SystemRoot\system32\drivers\peauth.sys
0x076B5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x076C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x076ED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0772C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07CF7000 \SystemRoot\System32\DRIVERS\srv.sys
0x07D8C000 \SystemRoot\system32\drivers\cfwids.sys
0x07DB6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x00790000 \SystemRoot\System32\cdd.dll
0x0C0F1000 \??\C:\Users\***\AppData\Local\Temp\aswMBR.sys
0x0C0AB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0C0FF000 \SystemRoot\system32\drivers\mfeapfk.sys
0x0C11B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0C129000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0C142000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77CA0000 \Windows\System32\ntdll.dll
0x47780000 \Windows\System32\smss.exe
0xFFFC0000 \Windows\System32\apisetschema.dll
0xFF1D0000 \Windows\System32\autochk.exe
0x77BA0000 \Windows\System32\user32.dll
0xFFF40000 \Windows\System32\gdi32.dll
0xFF1B0000 \Windows\System32\shell32.dll
0xFF110000 \Windows\System32\msvcrt.dll
0xFF0E0000 \Windows\System32\imm32.dll
0xFEFD0000 \Windows\System32\msctf.dll
0xFEF50000 \Windows\System32\shlwapi.dll
0x77A80000 \Windows\System32\kernel32.dll
0xFEDD0000 \Windows\System32\urlmon.dll
0xFEB70000 \Windows\System32\iertutil.dll
0xFEA40000 \Windows\System32\rpcrt4.dll
0xFE9F0000 \Windows\System32\ws2_32.dll
0xFE920000 \Windows\System32\usp10.dll
0xFE900000 \Windows\System32\imagehlp.dll
0x77E70000 \Windows\System32\psapi.dll
0xFE8B0000 \Windows\System32\Wldap32.dll
0xFE890000 \Windows\System32\sechost.dll
0xFE7B0000 \Windows\System32\oleaut32.dll
0xFE730000 \Windows\System32\difxapi.dll
0xFE520000 \Windows\System32\ole32.dll
0xFE480000 \Windows\System32\comdlg32.dll
0xFE470000 \Windows\System32\lpk.dll
0xFE340000 \Windows\System32\wininet.dll
0xFE2A0000 \Windows\System32\clbcatq.dll
0xFE290000 \Windows\System32\nsi.dll
0x77E60000 \Windows\System32\normaliz.dll
0xFE0B0000 \Windows\System32\setupapi.dll
0xFDFD0000 \Windows\System32\advapi32.dll
0xFDF90000 \Windows\System32\wintrust.dll
0xFDF70000 \Windows\System32\devobj.dll
0xFDF30000 \Windows\System32\cfgmgr32.dll
0xFDEC0000 \Windows\System32\KernelBase.dll
0xFDD50000 \Windows\System32\crypt32.dll
0xFDCB0000 \Windows\System32\comctl32.dll
0xFDCA0000 \Windows\System32\msasn1.dll
0x77200000 \Windows\SysWOW64\normaliz.dll

Processes (total 118):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
588 csrss.exe
672 csrss.exe
680 C:\Windows\System32\wininit.exe
716 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\services.exe
788 C:\Windows\System32\lsass.exe
800 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\atiesrxx.exe
568 C:\Windows\System32\svchost.exe
584 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\atieclxx.exe
1236 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\wlanext.exe
1476 C:\Windows\System32\conhost.exe
1564 C:\Windows\System32\spoolsv.exe
1608 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1644 C:\Windows\System32\svchost.exe
1804 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1840 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1960 C:\Program Files\Bonjour\mDNSResponder.exe
1980 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2028 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
764 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
1216 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1792 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1316 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
1268 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
1732 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1368 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2136 C:\Windows\System32\taskhost.exe
2252 C:\Windows\System32\dwm.exe
2324 C:\Windows\explorer.exe
2400 C:\Windows\System32\rundll32.exe
2428 C:\Windows\SysWOW64\rundll32.exe
2588 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
2632 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2668 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
2700 C:\Windows\System32\svchost.exe
2740 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2792 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2872 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
3352 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
3360 C:\Windows\System32\conhost.exe
3384 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
3520 C:\Windows\System32\svchost.exe
3832 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2332 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3216 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
412 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
3736 C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
4144 C:\Windows\System32\wbem\unsecapp.exe
4248 WmiPrvSE.exe
4256 C:\Windows\System32\igfxpers.exe
4352 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4528 C:\Program Files\Windows Sidebar\sidebar.exe
4744 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
4764 C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
4776 C:\Program Files\mcafee.com\agent\mcagent.exe
4788 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4940 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
3980 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
4416 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4200 C:\Program Files (x86)\Launch Manager\LManager.exe
4984 C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
5100 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
3544 C:\_OTL\MovedFiles\11272011_192039\C_Program Files (x86)\Ask.com\Updater\Updater.exe
3600 C:\Windows\System32\svchost.exe
5376 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
5392 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
5400 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
5484 C:\Windows\SysWOW64\rundll32.exe
5492 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
5500 C:\Program Files\Windows Media Player\wmpnetwk.exe
5588 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
5696 C:\Program Files (x86)\iTunes\iTunesHelper.exe
5780 C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
6004 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
2288 C:\Program Files (x86)\Launch Manager\LMworker.exe
5388 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6016 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
5340 C:\Program Files\iPod\bin\iPodService.exe
5052 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5656 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
4340 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5032 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
1152 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
6396 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
6408 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
6420 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
6336 C:\Windows\SysWOW64\rundll32.exe
6276 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
7508 C:\Windows\System32\igfxext.exe
7656 C:\Windows\System32\igfxsrvc.exe
1528 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
1636 C:\Users\***\Desktop\Games\INVedit\INVedit.exe
8568 C:\Windows\System32\audiodg.exe
9608 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
7652 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
2076 C:\Windows\System32\SearchIndexer.exe
9920 C:\Windows\SysWOW64\javaw.exe
9716 C:\Windows\System32\StikyNot.exe
6716 C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
8404 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
7828 C:\Windows\System32\SearchProtocolHost.exe
8076 C:\Windows\System32\SearchFilterHost.exe
1384 dllhost.exe
7788 dllhost.exe
5336 C:\Users\***\Downloads\MBRCheck.exe
9300 C:\Windows\System32\conhost.exe
5668 C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`dfa00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

LG

Chris4You 02.12.2011 22:38
Hi,

das sieht ok aus...
Hmm, dann schauen wir nochmal von aussen auf den Rechner:

Dr. Web-Live-CD
Lade Dir das Abbild (Dr.Web CureIt! &mdash;) runter (jeweils die neuste Version, z. Z. http://download.geo.drweb.com/pub/dr...livecd-600.iso) und brenne es auf CD/DVD. Stelle dann im BIOS die Bootreihenfolge um (zuerst von CD booten), boote dann von der erstellten CD und starte Dr. Web Live CD (default). Lass dann alle Festplatten untersuchen...
Bei Funden bitte Name und Pfad notieren, bevor du sie von Dr. Web beseitigen lässt...
Weiter Anweisungen: Dr.Web CureIt! &mdash;

Das geht aber dann ziemlich lange...

chris

KingSkull 05.12.2011 14:39
Hey, Fehler is behoben, da hat mir chrome nur ein wenig rumgebugt.. ;)

danke trotzdem!

Chris4You 05.12.2011 14:41
Hi,

ok...

chris&out


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19