Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe (https://www.trojaner-board.de/121943-tr-atraps-gen-tr-atraps-gen2-probleme-explorer-exe.html)

Markus__ 12.08.2012 21:01
TR/ATRAPS.Gen und TR/ATRAPS.Gen2; Probleme mit explorer.exe
 
Hallo User,

ich habe mir offensichtlich beim Surfen einige Trojaner eingefangen und erhalte ständig Meldungen von Avira, dass ich mit TR/ATRAPS.Gen und TR.ATRAPS.Gen2 infiziert sei. Seit ganz Kurzem habe ich auch Meldungen erhalten von den Trojanern TR/Kazy.86117.1 und TR/Rogue.KD.694391.1 von Avira, mit den anderen beiden Meldungen werd ich nun in Ruhe gelassen, seltsamerweise und hab jetzt relativ lange (ca. eine Stunde) überhaupt keine Meldung mehr bekommen. Ich habe auch mal einen schnellen Scan mit MalwareBytes gemacht und als Ergebnis stand leider was von ZeroAccess und wie ich hier gelesen hab, würde das wohl heißen: System neu aufsetzen. Das nur im Vorraus, trotzdem wäre es nett, wenn ihr euch die Logs anschaut, vllt. könnt ihr mir dazu ja doch noch was Anderes sagen. Bevor ich die Logs poste, erstmal einige Sachen zum Verlauf.

Verlauf
Also, anscheinend hab ich mir die Schadsoftware beim Surfen eingefangen. Ich erhielt eigentlich zeitgleich sogar zwei Meldungen, einmal von Avira (kostenlose Version) und einmal vom systeminternen Windows Defender. Avira hat die beiden Trojaner ATRAPS/Gen und ATRAPS/Gen.2 gemeldet, vom Windows Defender weiß ich nicht mehr ganz genau, ob er diese Trojaner auch benannt hat, zumindest hat er eine "schwerwiegende" Bedrohung gemeldet. Als ich diese Meldungen bekommen hab, öffnete sich das UAC-Fenster, als ausführendes Programm gab sich Adobe aus (Flash, wenn ich mich richtig erinnere). Ich habe dies nicht zugelassen, weil es mir verdächtig vorkam. Das entsprechende UAC-Fenster tauchte allerdings immer wieder auf, ich habe aber abgelehnt. Aber permanent aufklappende UAC-Fenster stören halt, weswegen ich mich vom Benutzerkonto abgemeldet habe und wieder angemeldet habe. Windows Defender mit seinem Fenster hat da leider nicht reagiert und ich hab es beim Abmelden "gewaltsam" beendet. Tatsächlich, nach Ab- und Wiederanmeldung tauchte das Adobe-UAC-Fenster nicht mehr auf. Bei der Wiederanmeldung hat Windows Defender mich gefragt, ob einige Funktionen von explorer.exe (wohl der Windows-Explorer?) blockiert werden sollen und ich habe zugestimmt. Avira meldete allerdings immer wieder, etwa im Fünf-Minuten-Takt, die beiden Trojaner. Wenn ich mich recht erinnere, meldete Avira auch Probleme in Zusammenhang mit der explorer.exe, ein Scan der Datei hat allerdings nix ergeben (angeblich ist die Datei nicht infiziert lt. Avira). Ich habe es auch mit Neustarts versucht, Problem blieb bestehen. Jetzt habe ich, um die Logs zu erhalten, die Programme ausgeführt, die bei euch in der Anleitung stehen. Seit Kurzem meldete Avira nun die zwei weiteren Trojaner.


Weitere Auffälligkeiten
Ich habe die Meldungen auffälligerweise dann bekommen, wenn ich eine W-Lan-Verbindung hatte (aller paar Minuten). Hatte ich die Verbindung getrennt, kam iirc keine Meldung (oder viel weniger), beim Start einer Verbindung kam gleich wieder eine Meldung. Momentan hab ich trotz Verbindung schon recht lange keine Meldung mehr erhalten, das scheint zeitlich zusammenzufallen mit den neuen Trojanermeldungen (Kazy und Rogue).

Ich weiß nicht, ob das irgendeine Bewandnis hat und poste es einfach hier mal. Im Windows-Defender/Software-Explorer bei "zur Zeit ausgeführte Programme" haben die meisten Prozesse unter dem Namen "Betriebssystem Microsoft®" so ein Icon, das aussieht wie ein Fenster; bei explorer.exe findet sich hingegen ein Icon, dass dem Computer-Icon (vormals "Arbeitsplatz") ähnelt. Habe den Prozess auch einfach mal beendet, um laienhaft zu schauen, was passiert, einige Sachen, die mit diesem Prozess zusammenhingen verschwanden (z. B. Taskleiste) und tauchten wieder auf, nachdem sich der Prozess neugestartet hat. Meldungen von Avira blieben bestehen.

Logs
So, nachdem ich euch jetzt vielleicht ermüdet hab, nun die Logs.

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 12.08.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free
4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.29 15:13:46 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.11 14:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.17 08:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.09.19 05:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.28 22:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010.01.03 19:28:02 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll
MOD - [2010.01.03 19:28:02 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll
MOD - [2010.01.03 19:28:02 | 000,012,936 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll
MOD - [2010.01.03 19:28:00 | 000,018,056 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll
MOD - [2010.01.03 19:28:00 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll
MOD - [2010.01.03 19:28:00 | 000,013,960 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll
MOD - [2010.01.03 19:28:00 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll
MOD - [2010.01.03 19:28:00 | 000,010,376 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll
MOD - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
MOD - [2010.01.03 19:27:58 | 000,011,912 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll
MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.09 12:04:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 18:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.09.22 18:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.02.08 21:47:48 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.02.29 21:47:53 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.01.07 23:46:28 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 11:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 11:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2008.10.01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.08.26 21:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.03 15:05:36 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE366
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE366&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms}
IE - HKCU\..\SearchScopes\{F7103568-793E-4058-8BEA-7762A862D1DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE366
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M]
 
[2010.06.08 16:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.04.29 12:50:06 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions
[2012.04.29 12:30:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.04.29 12:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [StrokeIt] C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24B3E122-C6A0-4BA5-87B6-4D097E6230A1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1997.04.10 00:55:32 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 20:06:35 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.12 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.12 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.12 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.12 19:59:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.12 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.07.22 10:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2012.07.22 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\***\D-Fend Reloaded
[2012.07.22 10:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2012.07.22 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eddy und Co
[2012.07.18 20:32:24 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Boven de Wolken_data
[2012.07.15 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skat-Online
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 20:23:58 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.08.12 20:21:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.12 20:07:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\04d9n2x1.exe
[2012.08.12 20:06:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.12 20:06:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 19:59:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.12 19:47:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 19:47:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 19:46:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 19:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 19:46:14 | 2548,350,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 18:29:31 | 000,001,367 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.08.07 12:08:02 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk
[2012.08.05 11:54:31 | 000,000,868 | ---- | M] () -- C:\Users\***\Desktop\Notepad++.lnk
[2012.08.04 12:37:10 | 000,002,673 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.07.31 17:22:34 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.22 10:46:14 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2012.07.18 20:32:24 | 000,003,723 | ---- | M] () -- C:\Users\***\Documents\Boven de Wolken.aup
 
========== Files Created - No Company Name ==========
 
[2012.08.12 20:21:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.12 20:07:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\04d9n2x1.exe
[2012.08.12 20:06:13 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 19:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.11 13:47:26 | 000,001,712 | ---- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@
[2012.08.10 18:29:31 | 000,001,367 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.08.05 11:54:31 | 000,000,868 | ---- | C] () -- C:\Users\***\Desktop\Notepad++.lnk
[2012.07.22 10:46:14 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2012.07.18 20:32:24 | 000,003,723 | ---- | C] () -- C:\Users\***\Documents\Boven de Wolken.aup
[2012.06.13 19:32:33 | 000,000,054 | ---- | C] () -- C:\Windows\WELTALL.INI
[2012.01.11 20:19:34 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@
[2011.10.07 17:39:58 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2011.09.18 15:30:51 | 000,000,306 | ---- | C] () -- C:\Windows\FANGT.INI
[2011.08.01 10:21:01 | 000,000,116 | -H-- | C] () -- C:\Users\***\kvirc4.ini
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.07.03 11:51:31 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.06.01 14:10:25 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.08 20:05:27 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.08 20:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREU1.DLL
[2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREL1.DLL
[2010.12.27 11:11:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.25 22:19:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.25 22:19:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.28 12:41:18 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\EasyToolz.ini
[2010.10.03 12:57:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\tkcon.hst
[2010.03.08 19:53:38 | 000,008,512 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.02.14 19:31:07 | 000,000,736 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.02.09 14:54:04 | 000,014,336 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm
[2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader
[2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM
[2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story
[2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF
[2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand
[2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
[2012.08.11 15:45:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 12.08.2012 20:24:52 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 54,71% Memory free
4,98 Gb Paging File | 3,69 Gb Available in Paging File | 74,19% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 77,38 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 352,14 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00491F72-326D-486A-B59B-6C42742CE30C}" = rport=139 | protocol=6 | dir=out | app=system |
"{02D41DA6-9371-4FB9-91B8-E2AC8363BD74}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B920991-1C35-4F3B-B14D-0926929DECE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19FBF757-D8C7-4CF4-BF16-1E8EDDACF0C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EDFA460-E536-40BA-93D6-92F74447FFF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2794B89D-8A51-4744-9AF0-7F9299A0BFDA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3B44C8DE-BE8E-498E-870C-A5A8BA80244C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{41A9F118-9612-4CE0-9135-22426F8888A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F56DD90-686D-42DF-9BBC-818357A82C3E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{68E5C90F-1D42-4DFC-9A64-E7EB72CCD7C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B0FF415-2D83-4C72-8968-EFB1C21DBC77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7305B40B-F62F-443D-9BC2-9BDA1F6782A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{86A7F893-107B-472A-9564-C3BF3BDE3217}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8B74243B-67CF-47CE-9FBF-1B30C3BAB295}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C199A1F-05DD-4F9D-85BD-86E6D0BEFDDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A85693B2-93AD-48B3-8C58-1A4B0BC78F9C}" = lport=137 | protocol=17 | dir=in | app=system |
"{A97173BE-FBD7-44E4-A096-B1F5656964B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD5B04C2-04A3-4D29-AA28-DBE9630EA330}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B5E1ABFD-402A-4190-8247-96C7CCEA7EDB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B819FF43-4914-465B-83EE-9CF84C1C9DDD}" = lport=445 | protocol=6 | dir=in | app=system |
"{BDB1543A-B2A6-4AA3-BAA2-74B6D7582680}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C92C3AEB-2E7F-4AFF-8DFB-BA4184A2CFE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9DC56A0-D51E-46AF-9514-FECF5BC61D86}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD097476-2B18-4516-B98D-26299A6888E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{DAAF3E71-6E16-4AED-B4BF-8B07D6AF5B2D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7297A5D-9973-4A10-8198-FB81DBB9DDCE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EF05170C-065E-497F-9CFE-B1A367305EB0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F1C5E518-B6F9-4263-8568-B54320FF359F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F1E6B836-8C59-4615-B74A-C063588793A7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004AA9AB-42C8-4F3D-9256-6A7F96DD69B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{074D0620-D90E-4127-B797-0FFD8F6762C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12A8DE98-1AD0-4C61-912A-4E76CB0F7F54}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{144B8537-F57A-49CE-BB9E-057019EACB6E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{17E3FFCF-1592-4E2B-BFD5-14DBFA6BDA7D}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe |
"{22489136-AA07-4C74-8B42-BF98F8F887E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{2707B312-68C0-4A37-8A7C-5EC2EE2494FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{29E725B3-3A92-43F4-AFAA-74EE4B37857D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2DA67581-A7DA-4F65-B9E3-463E8042309D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4BAAA90A-FE21-489C-8FEB-AD98F54E0F14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53A17D13-8E50-44ED-AC60-6C4D0F896E93}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{58C570CE-3EC4-47F8-BFC8-C2710D830DAF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6066D1BC-E83D-453C-9A13-F783C89EA3BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{62867A75-0D33-4511-A598-22E039039866}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{69738652-6541-4EF2-9D7B-E87F6CC23655}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{76A15512-CDB2-4E56-965B-E840E979EC72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7771613F-E604-45F1-9D9C-CFEEE5358ED6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83591B4F-7440-4BF9-A322-BA6F768C3640}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{953491EB-5A23-41A0-996E-D4CC2E73A76E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9EBB30FD-6109-4DCE-8C38-7D6285327DB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AAC4B0ED-56C5-428B-A5C5-3CB4A85A358C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B9DC143B-6364-4F7E-A4D3-C43EF9EC2D6F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{BB0E7FC6-7232-4523-915C-FF52EEC2EBDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C9F1ED27-7BF4-4431-B590-9DFCEA5DC605}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{DCC1AA4A-6CC6-4CA4-B2D2-667BB747B280}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{E5804014-10BC-43D9-AA51-D42DAFB56F18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EACC7E42-99F6-488E-B981-75222DCA8941}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EDCF72F0-7279-4A6A-8E38-C1F9FA28187B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F5691DEB-18BA-4A46-82F3-DC446BD85431}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{FBBE2271-E2CD-4454-8E69-A02F6B5355E9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{008C73F6-42CC-49DA-8056-2DFD0F92FA21}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6A1E4700-F0E3-4349-9A13-54E3D77B1201}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{AC39B74B-BEDD-41B0-9F7F-653535B1B8CC}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe |
"TCP Query User{D41B2A3A-EC74-4C9C-A898-C11A4F37555C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DF0340A8-7E6C-4C71-887F-41FA86C751E6}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe |
"UDP Query User{4D9DBE6D-3020-41B4-88AF-A77D472116B3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{913EEFFE-8126-4E2C-ACF0-E1BDB7F808BB}C:\users\***\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{9DB93350-D455-4B83-A9D4-3EF6D2124D52}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{C9ABAD9F-378F-489E-AB43-22F0FDCA5D14}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FE844324-1CED-4502-AD50-BAD591BDE12B}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BACCCD-A20A-B42D-94FD-97E58A7E82EF}" = ccc-utility
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4748E6-E093-FA89-7999-737F48C4767F}" = Catalyst Control Center InstallProxy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{549DEC06-C480-280A-6286-8C93409A933F}" = AMD Fuel
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6989007F-5785-44C3-BD8E-BEEEF58BB304}" = Deutsch (erweitert I) 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A180ABF7-A88F-FEB2-E94D-ED459821B86B}" = AMD Catalyst Install Manager
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = AMD VISION Engine Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DFC40BAA-67F8-4578-84FB-C6077D22BBC2}" = Deutsch (erweitert)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F737C2B0-0B9C-45F9-AEF1-BBA54AECC215}" = Deutsch (erweitert II) 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cities XL 2011" = Cities XL 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Defraggler" = Defraggler
"D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (deinstallieren)
"FeedReader_is1" = FeedReader
"Fraps" = Fraps
"GIF Animator" = Microsoft GIF Animator
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Inkscape" = Inkscape 0.47
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Little Piano_is1" = Little Piano
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDefrag v4.2.8_is1" = MyDefrag v4.2.8
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Notepad++" = Notepad++
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Opera 11.51.1087" = Opera 11.51
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.3.2
"ST5UNST #1" = PixLin
"StrokeIt (Deutsch)" = StrokeIt (Deutsch)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tiled" = Tiled - Tiled Map Editor
"Trucks & Trailers" = Trucks & Trailers 1.00
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Magic Machines" = World of Magic Machines
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JOSM" = JOSM
"Skat-Online V9" = Skat-Online V9
"StrokeIt" = StrokeIt
"StrokeIt (Deutsch)" = StrokeIt (Deutsch)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3028
Description =
 
Error - 10.08.2012 06:56:45 | Computer Name = Notebook | Source = Windows Search Service | ID = 3058
Description =
 
Error - 10.08.2012 06:58:01 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 10.08.2012 10:35:19 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 10.08.2012 13:47:46 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 10.08.2012 15:24:08 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 11.08.2012 06:01:16 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
Error - 12.08.2012 13:47:55 | Computer Name = Notebook | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 28.10.2010 13:27:07 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.10.2010 13:29:59 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 31.10.2010 02:17:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 13:10:03 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.12.2010 11:32:04 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.01.2011 12:14:27 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.02.2011 13:04:47 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 14:58:23 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3309
 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2012 16:09:33 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9812
 seconds with 6420 seconds of active time.  This session ended with a crash.
 
Error - 03.04.2012 13:25:05 | Computer Name = Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 213
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.08.2012 09:02:13 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =
 
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2012 09:05:30 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2012 09:11:58 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =
 
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2012 09:14:33 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.08.2012 09:19:55 | Computer Name = Notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 11.08.2012 09:44:56 | Computer Name = Notebook | Source = DCOM | ID = 10010
Description =
 
Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.08.2012 13:47:56 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---



GMer hab ich eigentlich auch durchlaufen lassen, hatte aber keine Rootkit-Meldung und find jetzt auch irgendwie keine .txt dazu; wenn ich nochmal einen Scan machen soll, sagts mir.

Und von Malwarebytes mit ZeroAccess-Meldung ...

Zitat:
[...]

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: NOTEBOOK [Administrator]

12.08.2012 20:01:24
mbam-log-2012-08-12 (20-18-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190443
Laufzeit: 15 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\AppData\Local\Temp\6255936.exe (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Keine Aktion durchgeführt.

(Ende)
EDIT: Nachdem es so ruhig geworden ist mit Meldungen, hab ich mit Malwarebytes auch nochmal nen Suchlauf gemacht und erhalte statt vier nur noch zwei Meldungen, nämlich "nur noch" die beiden Trojan.Zaccess.

Und von Avira einige meiner Meldungen, hab mal für alle Trojaner, die mir gemeldet wurden, was rausgesucht:
Zitat:
12.08.2012 21:03 [System Scanner] Malware gefunden
Die Datei
'C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.86117.1' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Eine Exception wurde abgefangen!
Zitat:
Exportierte Ereignisse:

12.08.2012 20:19 [System Scanner] Malware gefunden
Die Datei 'C:\Users\***\AppData\Local\Temp\msimg32.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.KD.694391.1'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55d55bc2.qua'
verschoben!

Zitat:
Exportierte Ereignisse:

12.08.2012 19:48 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\80000000
.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Zitat:
Exportierte Ereignisse:

12.08.2012 19:48 [Echtzeit Scanner] Malware gefunden
In der Datei
'C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\800000cb
.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Ganz schön viel Info, vllt. könnt ihr mir ja helfen.

Markus

cosinus 16.08.2012 10:50
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Markus__ 16.08.2012 18:09
Hallo und Danke, dass du dich um mein Thema hier kümmerst.
Wie es aussieht, haben weder Malwarebytes noch ESET was gefunden. (Wie gesagt, ich erhalte auch keine Meldungen mehr von Avira und der PC scheint normal und nicht verlangsamt zu laufen.) Es folgen die angefragten Logs.

Malwarebytes - Full-Scan von heute:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: NOTEBOOK [Administrator]

16.08.2012 14:25:47
mbam-log-2012-08-16 (14-25-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359377
Laufzeit: 1 Stunde(n), 46 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Malwarebytes - Quick-Scan vom 13.08, als ich die zwei gefundenen Trojaner in Quarantäne verschoben habe:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: NOTEBOOK [Administrator]

13.08.2012 10:07:36
mbam-log-2012-08-13 (10-07-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190467
Laufzeit: 6 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Malwarebytes - Quick-Scan vom 12.08; als ich vier Trojaner gefunden habe und diese zu dem Zeitpunkt nicht in Quarantäne verschoben habe: Log siehe Eingangspost
[beim nächsten Scan siehe Log von soeben wurden nur noch zwei Trojaner gefunden; vllt. zwei entfernt von Avira?!]

ESET-Log von heute
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8db45aeec86d7543a3b2c914c3114340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-16 04:30:31
# local_time=2012-08-16 06:30:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 26292474 26292474 0 0
# compatibility_mode=5892 16776637 100 100 165573 182660387 0 0
# compatibility_mode=8192 67108863 100 0 535 535 0 0
# scanned=175866
# found=0
# cleaned=0
# scan_time=6972

cosinus 17.08.2012 16:50
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Markus__ 17.08.2012 18:55
Hier der Log.

AdwCleaner:

Code:
# AdwCleaner v1.801 - Logfile created 08/17/2012 at 19:52:48
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Partner

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\prefs.js

Found : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Profile name : Entwickler
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\czzssl4z.Entwickler\prefs.js

[OK] File is clean.

-\\ Opera v11.51.1087.0

File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2082 octets] - [17/08/2012 19:52:48]

########## EOF - C:\AdwCleaner[R1].txt - [2210 octets] ##########
EDIT: Ah, ich seh schon, da ist was von Softonic drin. Eigentlich vermeide ich von dort zu downloaden, da ich auch nicht einsehe, warum ich für einen Download Zusatzsoftware brauche (einen Downloadhelfer oder dergleichen).

cosinus 18.08.2012 11:36
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Markus__ 19.08.2012 10:00
AdwCleaner-Log:

Code:
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 10:48:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Markus - NOTEBOOK
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\staged
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\prefs.js

Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Profile name : Entwickler
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\czzssl4z.Entwickler\prefs.js

[OK] File is clean.

-\\ Opera v11.51.1087.0

File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2211 octets] - [17/08/2012 19:52:48]
AdwCleaner[S1].txt - [2170 octets] - [19/08/2012 10:48:04]

########## EOF - C:\AdwCleaner[S1].txt - [2298 octets] ##########
Und sollten sich bei dir nun geheimnisvollerweise zwei Fragen auftun (etwa, ob ich was im Startmenü vermisse oder ob der normale Modus von Windows funktioniert):
Also, soweit ich das sehe, vermisse ich nix im Startmenü, das einzige an vllt. Relevantem, was mir aufgefallen ist, ist ein leerer Ordner "Autostart", aber der war vllt. vorher auch schon leer. Der normale Modus von Windows funktioniert weiterhin wie eh schon die ganze Zeit. ;)

cosinus 20.08.2012 17:10
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Markus__ 21.08.2012 11:26
Bitteschön!

Code:
OTL logfile created on: 21.08.2012 12:02:00 - Run 2
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,37 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 61,35% Memory free
4,98 Gb Paging File | 3,81 Gb Available in Paging File | 76,44% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 75,22 Gb Free Space | 52,73% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 142,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.21 12:00:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.20 11:30:52 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.08.13 10:05:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.08.13 10:05:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.13 10:05:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.13 10:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.17 08:37:06 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.09.19 05:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll
MOD - [2011.07.28 22:52:38 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010.01.03 19:28:02 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\exec.dll
MOD - [2010.01.03 19:28:02 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\msg.dll
MOD - [2010.01.03 19:28:02 | 000,012,936 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\OSD.dll
MOD - [2010.01.03 19:28:00 | 000,018,056 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\keys.dll
MOD - [2010.01.03 19:28:00 | 000,016,520 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\win.dll
MOD - [2010.01.03 19:28:00 | 000,013,960 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\utilities.dll
MOD - [2010.01.03 19:28:00 | 000,013,448 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\multimon.dll
MOD - [2010.01.03 19:28:00 | 000,010,376 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\Plugins\siControl.dll
MOD - [2010.01.03 19:27:58 | 000,026,248 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
MOD - [2010.01.03 19:27:58 | 000,011,912 | ---- | M] () -- C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\mhook.dll
MOD - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2012.08.13 10:05:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.08.13 10:05:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.09 12:04:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.09.22 18:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 18:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 18:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.09.22 18:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.28 17:42:48 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.07.29 09:50:16 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.11.28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.10.04 05:09:02 | 000,069,632 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.07.29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.08.13 10:05:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.13 10:05:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.01.07 23:46:28 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 11:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 11:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2008.10.01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.08.26 21:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.03 15:05:36 | 000,162,944 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE366
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deDE366&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms}
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{F7103568-793E-4058-8BEA-7762A862D1DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deDE366
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012.08.09 12:04:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011.12.23 12:26:20 | 000,000,000 | ---D | M]
 
[2010.06.08 16:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.08.19 10:48:14 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions
[2012.04.29 12:30:33 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000..\Run: [StrokeIt] C:\Users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe ()
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24B3E122-C6A0-4BA5-87B6-4D097E6230A1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.17 11:51:01 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\vllg_data
[2012.08.17 11:45:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hmne_data
[2012.08.16 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.16 16:22:56 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.12 20:06:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.12 19:59:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.12 19:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.12 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.12 19:59:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.12 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.08.05 11:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.05 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 12:00:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.21 11:57:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.21 11:57:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 11:57:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 11:56:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.21 11:56:47 | 2546,290,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.21 11:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.20 14:11:51 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.08.17 20:31:57 | 003,169,576 | ---- | M] () -- C:\Users\***\Documents\Trte.wav
[2012.08.17 19:52:37 | 000,618,227 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.17 11:51:01 | 000,002,219 | ---- | M] () -- C:\Users\***\Documents\vllg.aup
[2012.08.17 11:45:02 | 000,001,340 | ---- | M] () -- C:\Users\***\Documents\Hmne.aup
[2012.08.17 11:17:39 | 004,809,942 | ---- | M] () -- C:\Users\***\Documents\Hmne.wav
[2012.08.16 16:25:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.08.15 15:57:21 | 000,001,367 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.08.15 11:41:00 | 000,330,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.13 10:05:11 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.08.13 10:05:11 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.08.12 20:21:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.12 20:07:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\04d9n2x1.exe
[2012.08.12 20:06:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 19:59:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.07 12:08:02 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk
[2012.08.05 11:54:31 | 000,000,868 | ---- | M] () -- C:\Users\***\Desktop\Notepad++.lnk
[2012.08.04 12:37:10 | 000,002,673 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.07.31 17:22:34 | 000,002,633 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.17 20:31:57 | 003,169,576 | ---- | C] () -- C:\Users\***\Documents\Trte.wav
[2012.08.17 19:52:25 | 000,618,227 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.08.17 11:51:01 | 000,002,219 | ---- | C] () -- C:\Users\***\Documents\vllg.aup
[2012.08.17 11:45:02 | 000,001,340 | ---- | C] () -- C:\Users\***\Documents\Hmne.aup
[2012.08.17 11:17:38 | 004,809,942 | ---- | C] () -- C:\Users\***\Documents\Hmne.wav
[2012.08.15 15:57:21 | 000,001,367 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.08.12 20:21:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.12 20:07:06 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\04d9n2x1.exe
[2012.08.12 20:06:13 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 19:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.11 13:47:26 | 000,001,712 | ---- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@
[2012.08.05 11:54:31 | 000,000,868 | ---- | C] () -- C:\Users\***\Desktop\Notepad++.lnk
[2012.06.13 19:32:33 | 000,000,054 | ---- | C] () -- C:\Windows\WELTALL.INI
[2012.01.11 20:19:34 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@
[2011.10.07 17:39:58 | 000,029,239 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2011.09.18 15:30:51 | 000,000,306 | ---- | C] () -- C:\Windows\FANGT.INI
[2011.08.01 10:21:01 | 000,000,116 | -H-- | C] () -- C:\Users\***\kvirc4.ini
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.07.03 11:51:31 | 000,000,101 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.06.27 20:53:02 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.06.01 14:10:25 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.08 20:05:27 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.05.08 20:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREU1.DLL
[2011.01.15 15:23:34 | 000,017,408 | ---- | C] () -- C:\Windows\System32\KBDGREL1.DLL
[2010.12.27 11:11:47 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.25 22:19:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.25 22:19:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.28 12:41:18 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\EasyToolz.ini
[2010.10.03 12:57:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\tkcon.hst
[2010.03.08 19:53:38 | 000,008,512 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.02.14 19:31:07 | 000,000,736 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.02.09 14:54:04 | 000,014,336 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm
[2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader
[2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM
[2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story
[2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF
[2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand
[2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
[2012.08.21 11:55:54 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.08 21:53:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.11.06 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.02.21 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2011.04.11 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.05.31 17:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\apm
[2010.02.08 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2011.10.17 09:07:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.02.09 09:51:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2010.04.06 10:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.02.08 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2011.08.13 11:53:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader
[2010.02.09 11:21:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.08.08 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.03.15 22:21:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.02.08 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.02.15 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2010.02.08 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.05.29 17:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM
[2012.08.21 10:07:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magnet's Story
[2012.08.12 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.08.19 09:57:33 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.06.08 16:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.05.11 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2012.08.05 11:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.08.03 14:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.28 09:50:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.25 22:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.10.07 17:39:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.09 20:24:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.05.11 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrimoPDF
[2010.04.01 10:39:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2010.12.25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.05.26 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand
[2010.11.25 18:26:45 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2010.02.09 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftDMA
[2011.05.16 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TCB Networks
[2010.08.09 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.02.14 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.05.31 18:46:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.02.21 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.02.10 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.06.17 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.07.08 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2010.12.25 22:26:26 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\***\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.11.09 17:58:38 | 000,131,072 | ---- | M] (Hard & Software) -- C:\PixLin.exe
[2012.06.14 20:57:45 | 000,589,824 | ---- | M] (Samsung Printer) -- C:\SP_Connector.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Users\***\Weitere Daten\XP Sicherung\I386\sp2.cab:AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Acer\Preload\Autorun\DRV\ATIVGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2009.01.07 23:46:26 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys
[2008.09.10 22:07:48 | 000,182,288 | ---- | M] (AMD Technologies Inc.) MD5=6F1565AD2C46A5BC20107A4626E9A340 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_38fe8913\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Users\***\Weitere Daten\XP Sicherung\I386\sp2.cab:atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
Avira hat neue (?) Malware gefunden!

Code:
Typ:        Datei
Quelle:        C:\Users\Markus\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U\00000001.@
Status:        Infiziert
Quarantäne-Objekt:        5537d8bb.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows XP/VISTA Workstation/Windows 7
Suchengine:        8.02.10.132
Virendefinitionsdatei:        7.11.40.06
Meldung:        BDS/ZAccess.V
Datum/Uhrzeit:        21.08.2012, 13:32
Habe den PC weiterhin normal genutzt, (ohne derart sicherheitskritischen Anwendungen wie Onlinekäufe oder Onlinebanking), auch zum Surfen. Ich habe ja bis heute auch keine Meldungen von Avira mehr bekommen. Die obige Fehlermeldung erschien iirc, als ich den Browser schon zugemacht hatte und den PC runterfahren wollte. War, soweit ich mich erinnern kann, in dieser Session auch nur auf mir bekannten und vertrauenswürdigen Seiten. Sollte ich evtl. einige meiner Plugins aktualisieren, die vermutlich veraltet sind? Habe das bis jetzt erstmal gelassen, weil ich warten wollte, bis du mir das "okay" gibst, dass alles fertig ist. Aber wie gesagt, ich nutze den Rechner weiterhin (freizeitmäßig und würde meine Surfgewohnheiten auch als weitgehend unproblematisch bezeichnen, mit bekannten Sites.)

Die Avira-Meldung stammt aus der gleichen Sitzung wie der obige OTL-CustomScan. Habe während des Scans natürlich nix am Computer gemacht, aber das OTL-Fenster erst später geschlossen, dabei zeitliche Nähe zu besagter Avira-Meldung. Könnte es evtl. sein, dass OTL das "aufgedeckt" hat?

Nach einem Reboot startete Avira erst recht spät, Windows meldete zwischendurch, der Virenscanner sei aus. Ich wollte manuell aktivieren und bekam eine Windows-Meldung, ob das Programm den vertrauenswürdig sei und ich fortfahren wolle; habe das erstmal gelassen; Problem löste sich kurzerhand anscheinend von selbst, in dem auch der Scanner dann endlich startete und das Sicherheitscenter keine solchen Probleme mehr meldete.

Habe zudem auch gleich einen Quick-Scan mit Malwarebytes gemacht:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.21.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Markus :: NOTEBOOK [Administrator]

21.08.2012 13:52:26
mbam-log-2012-08-21 (13-52-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191337
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 21.08.2012 13:54
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
SRV - File not found [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
IE - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=rSYXg_eRnikxcsKZWHKq1vIEWKQ?q={searchTerms}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\L
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@
C:\Users\***\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Markus__ 21.08.2012 17:31
Vielen Dank für deine Antwort und das Script. Ich hoffe, du hast auch mein Edit oben zur Kenntnis genommen (der Abschnitt ab "Avira hat neue Malware gefunden"), da deine Antwort sehr prompt nach dem Edit kam.

Code:
All processes killed
========== OTL ==========
Service Partner Service stopped successfully!
Service Partner Service deleted successfully!
File C:\ProgramData\Partner\partner.exe not found.
Registry key HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMorePrograms deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\L folder moved successfully.
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\U folder moved successfully.
File\Folder C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\n not found.
C:\Users\***\AppData\Local\{f696e7f7-774c-5c1a-531f-0d56adb0af44}\@ moved successfully.
C:\Users\***\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 21204382 bytes
->Temporary Internet Files folder emptied: 1523712 bytes
->Java cache emptied: 28339400 bytes
->FireFox cache emptied: 61198178 bytes
->Opera cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54872 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 107,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.58.1 log created on 08212012_182204

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\versaleszett.zip  not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Was ich übrigens nicht so recht verstehe, ist, wie der Firefoxcache beim Leeren eine so große Bytezahl zeigt, ich hab nämlich eig. gedacht, dass ich das Caching deaktiviert habe.

Wie auch immer, dir noch einen erholsamen Urlaub. ;)

cosinus 30.08.2012 12:20
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Markus__ 31.08.2012 15:00
Willkommen zurück!

Log
Code:
15:52:18.0363 5576  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:52:18.0426 5576  ============================================================
15:52:18.0426 5576  Current date / time: 2012/08/31 15:52:18.0426
15:52:18.0426 5576  SystemInfo:
15:52:18.0426 5576 
15:52:18.0426 5576  OS Version: 6.0.6002 ServicePack: 2.0
15:52:18.0426 5576  Product type: Workstation
15:52:18.0426 5576  ComputerName: NOTEBOOK
15:52:18.0426 5576  UserName: ***
15:52:18.0426 5576  Windows directory: C:\Windows
15:52:18.0426 5576  System windows directory: C:\Windows
15:52:18.0426 5576  Processor architecture: Intel x86
15:52:18.0426 5576  Number of processors: 2
15:52:18.0426 5576  Page size: 0x1000
15:52:18.0426 5576  Boot type: Normal boot
15:52:18.0426 5576  ============================================================
15:52:19.0939 5576  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:52:19.0939 5576  ============================================================
15:52:19.0939 5576  \Device\Harddisk0\DR0:
15:52:19.0939 5576  MBR partitions:
15:52:19.0939 5576  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x11D4D000
15:52:19.0939 5576  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x130D5800, BlocksNum 0x11D58800
15:52:19.0939 5576  ============================================================
15:52:19.0970 5576  C: <-> \Device\Harddisk0\DR0\Partition1
15:52:20.0017 5576  D: <-> \Device\Harddisk0\DR0\Partition2
15:52:20.0017 5576  ============================================================
15:52:20.0017 5576  Initialize success
15:52:20.0017 5576  ============================================================
15:53:56.0050 4940  ============================================================
15:53:56.0050 4940  Scan started
15:53:56.0050 4940  Mode: Manual; SigCheck; TDLFS;
15:53:56.0050 4940  ============================================================
15:53:59.0202 4940  ================ Scan services =============================
15:53:59.0498 4940  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:53:59.0654 4940  ACPI - ok
15:53:59.0779 4940  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:53:59.0810 4940  AdobeARMservice - ok
15:53:59.0872 4940  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
15:53:59.0904 4940  adp94xx - ok
15:53:59.0950 4940  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
15:53:59.0997 4940  adpahci - ok
15:54:00.0044 4940  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:54:00.0060 4940  adpu160m - ok
15:54:00.0075 4940  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
15:54:00.0091 4940  adpu320 - ok
15:54:00.0138 4940  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:54:00.0200 4940  AeLookupSvc - ok
15:54:00.0247 4940  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
15:54:00.0294 4940  AFD - ok
15:54:00.0325 4940  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:54:00.0340 4940  agp440 - ok
15:54:00.0387 4940  [ 03081E98C515CB838434D252F407F6E8 ] ahcix86s        C:\Windows\system32\DRIVERS\ahcix86s.sys
15:54:00.0418 4940  ahcix86s - ok
15:54:00.0434 4940  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
15:54:00.0450 4940  aic78xx - ok
15:54:00.0481 4940  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
15:54:00.0543 4940  ALG - ok
15:54:00.0559 4940  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:54:00.0574 4940  aliide - ok
15:54:00.0652 4940  ALSysIO - ok
15:54:00.0699 4940  [ FF794EC143F166349B49CF13507311D2 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:54:00.0855 4940  AMD External Events Utility - ok
15:54:00.0918 4940  AMD FUEL Service - ok
15:54:00.0964 4940  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:54:00.0980 4940  amdagp - ok
15:54:00.0996 4940  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:54:01.0011 4940  amdide - ok
15:54:01.0042 4940  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
15:54:01.0042 4940  amdiox86 - ok
15:54:01.0074 4940  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
15:54:01.0120 4940  AmdK7 - ok
15:54:01.0136 4940  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
15:54:01.0167 4940  AmdK8 - ok
15:54:01.0495 4940  [ 68D791D78454684340433E52059EB45E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:01.0869 4940  amdkmdag - ok
15:54:01.0947 4940  [ 96CD7053A516C30E61A05DF9757DA7DE ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:54:01.0994 4940  amdkmdap - ok
15:54:02.0072 4940  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\Windows\system32\DRIVERS\AmdLLD.sys
15:54:02.0103 4940  AmdLLD - ok
15:54:02.0181 4940  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:02.0212 4940  AntiVirSchedulerService - ok
15:54:02.0259 4940  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:02.0275 4940  AntiVirService - ok
15:54:02.0322 4940  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
15:54:02.0353 4940  Appinfo - ok
15:54:02.0384 4940  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
15:54:02.0400 4940  arc - ok
15:54:02.0431 4940  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:54:02.0446 4940  arcsas - ok
15:54:02.0493 4940  [ E54E27976E2C5A6465D44C10B1D87AC0 ] ASPI            C:\Windows\System32\DRIVERS\ASPI32.sys
15:54:02.0524 4940  ASPI ( UnsignedFile.Multi.Generic ) - warning
15:54:02.0524 4940  ASPI - detected UnsignedFile.Multi.Generic (1)
15:54:02.0634 4940  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:54:02.0649 4940  aspnet_state - ok
15:54:02.0743 4940  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:02.0790 4940  AsyncMac - ok
15:54:02.0821 4940  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi          C:\Windows\system32\drivers\atapi.sys
15:54:02.0852 4940  atapi - ok
15:54:03.0086 4940  [ D59E7A5DAA08C91172E95B4F1CA6D8C3 ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:54:03.0258 4940  athr - ok
15:54:03.0741 4940  [ 68D791D78454684340433E52059EB45E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:04.0100 4940  atikmdag - ok
15:54:04.0194 4940  [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
15:54:04.0194 4940  AtiPcie - ok
15:54:04.0303 4940  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:54:04.0334 4940  AudioEndpointBuilder - ok
15:54:04.0350 4940  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:54:04.0365 4940  Audiosrv - ok
15:54:04.0443 4940  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:54:04.0459 4940  avgntflt - ok
15:54:04.0521 4940  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:54:04.0537 4940  avipbb - ok
15:54:04.0584 4940  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:54:04.0599 4940  avkmgr - ok
15:54:04.0693 4940  [ 6FB43F0DADB3FDC287D080C19666AF8D ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:54:04.0755 4940  b57nd60x - ok
15:54:04.0802 4940  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:54:04.0833 4940  Beep - ok
15:54:04.0880 4940  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
15:54:04.0927 4940  BFE - ok
15:54:04.0989 4940  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
15:54:05.0052 4940  BITS - ok
15:54:05.0083 4940  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:54:05.0114 4940  blbdrive - ok
15:54:05.0145 4940  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:54:05.0176 4940  bowser - ok
15:54:05.0223 4940  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:54:05.0286 4940  BrFiltLo - ok
15:54:05.0301 4940  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:54:05.0332 4940  BrFiltUp - ok
15:54:05.0364 4940  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
15:54:05.0410 4940  Browser - ok
15:54:05.0426 4940  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
15:54:05.0488 4940  Brserid - ok
15:54:05.0551 4940  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:54:05.0613 4940  BrSerWdm - ok
15:54:05.0660 4940  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:54:05.0754 4940  BrUsbMdm - ok
15:54:05.0800 4940  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:54:05.0894 4940  BrUsbSer - ok
15:54:05.0972 4940  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:54:06.0034 4940  BTHMODEM - ok
15:54:06.0097 4940  [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
15:54:06.0097 4940  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
15:54:06.0097 4940  BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
15:54:06.0128 4940  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:54:06.0175 4940  cdfs - ok
15:54:06.0206 4940  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:54:06.0268 4940  cdrom - ok
15:54:06.0315 4940  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
15:54:06.0346 4940  CertPropSvc - ok
15:54:06.0378 4940  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
15:54:06.0409 4940  circlass - ok
15:54:06.0471 4940  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:54:06.0487 4940  CLFS - ok
15:54:06.0658 4940  [ 8B67044AE0621C005245EF62EEF0746F ] CLHNService    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
15:54:06.0690 4940  CLHNService ( UnsignedFile.Multi.Generic ) - warning
15:54:06.0690 4940  CLHNService - detected UnsignedFile.Multi.Generic (1)
15:54:06.0721 4940  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:06.0736 4940  clr_optimization_v2.0.50727_32 - ok
15:54:06.0783 4940  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:06.0799 4940  clr_optimization_v4.0.30319_32 - ok
15:54:06.0830 4940  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:54:06.0877 4940  CmBatt - ok
15:54:06.0892 4940  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:54:06.0924 4940  cmdide - ok
15:54:06.0970 4940  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:54:06.0986 4940  Compbatt - ok
15:54:07.0002 4940  COMSysApp - ok
15:54:07.0048 4940  [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135        C:\Windows\system32\drivers\cpuz135_x32.sys
15:54:07.0064 4940  cpuz135 - ok
15:54:07.0064 4940  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
15:54:07.0080 4940  crcdisk - ok
15:54:07.0095 4940  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:54:07.0142 4940  Crusoe - ok
15:54:07.0173 4940  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:54:07.0204 4940  CryptSvc - ok
15:54:07.0423 4940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:54:07.0485 4940  DcomLaunch - ok
15:54:07.0532 4940  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:54:07.0563 4940  DfsC - ok
15:54:07.0641 4940  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:54:07.0797 4940  DFSR - ok
15:54:07.0828 4940  DgiVecp - ok
15:54:07.0875 4940  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:54:07.0922 4940  Dhcp - ok
15:54:07.0969 4940  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:54:07.0984 4940  disk - ok
15:54:08.0047 4940  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr        C:\Windows\system32\DRIVERS\DKbFltr.sys
15:54:08.0062 4940  DKbFltr - ok
15:54:08.0109 4940  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:54:08.0140 4940  Dnscache - ok
15:54:08.0203 4940  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:54:08.0234 4940  dot3svc - ok
15:54:08.0281 4940  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
15:54:08.0312 4940  DPS - ok
15:54:08.0374 4940  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:54:08.0421 4940  drmkaud - ok
15:54:08.0562 4940  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:54:08.0608 4940  DXGKrnl - ok
15:54:08.0655 4940  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
15:54:08.0733 4940  E1G60 - ok
15:54:08.0780 4940  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
15:54:08.0827 4940  EapHost - ok
15:54:08.0889 4940  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:54:08.0983 4940  Ecache - ok
15:54:09.0154 4940  [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
15:54:09.0186 4940  eDataSecurity Service - ok
15:54:09.0388 4940  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:54:09.0466 4940  ehRecvr - ok
15:54:09.0498 4940  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
15:54:09.0560 4940  ehSched - ok
15:54:09.0622 4940  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
15:54:09.0700 4940  ehstart - ok
15:54:09.0732 4940  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
15:54:09.0763 4940  elxstor - ok
15:54:09.0872 4940  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
15:54:09.0919 4940  EMDMgmt - ok
15:54:09.0981 4940  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:54:10.0028 4940  ErrDev - ok
15:54:10.0090 4940  [ F25247D0E011A643EE60052CE23BE05E ] ETService      C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
15:54:10.0106 4940  ETService ( UnsignedFile.Multi.Generic ) - warning
15:54:10.0106 4940  ETService - detected UnsignedFile.Multi.Generic (1)
15:54:10.0153 4940  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
15:54:10.0184 4940  EventSystem - ok
15:54:10.0231 4940  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
15:54:10.0262 4940  exfat - ok
15:54:10.0293 4940  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:54:10.0340 4940  fastfat - ok
15:54:10.0371 4940  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:54:10.0434 4940  fdc - ok
15:54:10.0465 4940  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
15:54:10.0496 4940  fdPHost - ok
15:54:10.0512 4940  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:54:10.0574 4940  FDResPub - ok
15:54:10.0590 4940  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:54:10.0605 4940  FileInfo - ok
15:54:10.0636 4940  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:54:10.0699 4940  Filetrace - ok
15:54:10.0730 4940  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:54:10.0808 4940  flpydisk - ok
15:54:10.0870 4940  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:54:10.0886 4940  FltMgr - ok
15:54:10.0964 4940  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
15:54:11.0104 4940  FontCache - ok
15:54:11.0370 4940  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:54:11.0385 4940  FontCache3.0.0.0 - ok
15:54:11.0448 4940  [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk    C:\Windows\system32\FsUsbExDisk.SYS
15:54:11.0463 4940  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
15:54:11.0463 4940  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
15:54:11.0510 4940  [ 346086A99E6347C11E20D3FCBAEEAB77 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
15:54:11.0526 4940  FsUsbExService - ok
15:54:11.0572 4940  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:54:11.0604 4940  Fs_Rec - ok
15:54:11.0635 4940  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:54:11.0650 4940  gagp30kx - ok
15:54:12.0025 4940  [ F0187E45268E86AAAA932CBD9087BEA8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:54:12.0025 4940  GoogleDesktopManager-110309-193829 - ok
15:54:12.0290 4940  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
15:54:12.0337 4940  gpsvc - ok
15:54:12.0493 4940  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:12.0508 4940  gupdate - ok
15:54:12.0540 4940  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:12.0540 4940  gupdatem - ok
15:54:12.0618 4940  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:54:12.0680 4940  HdAudAddService - ok
15:54:12.0836 4940  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:54:12.0945 4940  HDAudBus - ok
15:54:12.0992 4940  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:54:13.0054 4940  HidBth - ok
15:54:13.0117 4940  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
15:54:13.0179 4940  HidIr - ok
15:54:13.0226 4940  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
15:54:13.0273 4940  hidserv - ok
15:54:13.0304 4940  [ 7F7E5E98CEFED8A10F7E56810EA7B6DF ] hidshim        C:\Windows\system32\DRIVERS\hidshim.sys
15:54:13.0335 4940  hidshim - ok
15:54:13.0382 4940  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:54:13.0429 4940  HidUsb - ok
15:54:13.0444 4940  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:54:13.0507 4940  hkmsvc - ok
15:54:13.0569 4940  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
15:54:13.0585 4940  HpCISSs - ok
15:54:13.0632 4940  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:54:13.0678 4940  HSFHWAZL - ok
15:54:13.0928 4940  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:54:14.0022 4940  HSF_DPV - ok
15:54:14.0068 4940  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:54:14.0100 4940  HSXHWAZL - ok
15:54:14.0162 4940  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:54:14.0224 4940  HTTP - ok
15:54:14.0256 4940  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
15:54:14.0302 4940  i2omp - ok
15:54:14.0334 4940  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:54:14.0380 4940  i8042prt - ok
15:54:14.0521 4940  [ 8318E04A6455CED1020BCC5039B62CFA ] ialm            C:\Windows\system32\DRIVERS\ialmnt5.sys
15:54:14.0692 4940  ialm - ok
15:54:14.0880 4940  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
15:54:14.0942 4940  iaStorV - ok
15:54:15.0036 4940  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:54:15.0114 4940  idsvc - ok
15:54:15.0145 4940  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
15:54:15.0160 4940  iirsp - ok
15:54:15.0285 4940  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:54:15.0332 4940  IKEEXT - ok
15:54:15.0410 4940  [ 58FF11C95C3681C9250914521CB9F036 ] int15          C:\Windows\system32\drivers\int15.sys
15:54:15.0457 4940  int15 - ok
15:54:15.0582 4940  [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:54:15.0784 4940  IntcAzAudAddService - ok
15:54:15.0816 4940  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:54:15.0831 4940  intelide - ok
15:54:15.0862 4940  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:54:15.0894 4940  intelppm - ok
15:54:15.0925 4940  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:54:15.0987 4940  IPBusEnum - ok
15:54:16.0018 4940  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:54:16.0050 4940  IpFilterDriver - ok
15:54:16.0081 4940  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:54:16.0128 4940  iphlpsvc - ok
15:54:16.0128 4940  IpInIp - ok
15:54:16.0143 4940  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
15:54:16.0190 4940  IPMIDRV - ok
15:54:16.0252 4940  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
15:54:16.0284 4940  IPNAT - ok
15:54:16.0330 4940  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
15:54:16.0362 4940  irda - ok
15:54:16.0393 4940  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:54:16.0424 4940  IRENUM - ok
15:54:16.0486 4940  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon          C:\Windows\System32\irmon.dll
15:54:16.0611 4940  Irmon - ok
15:54:16.0627 4940  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:54:16.0674 4940  isapnp - ok
15:54:16.0720 4940  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:54:16.0736 4940  iScsiPrt - ok
15:54:16.0783 4940  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:54:16.0798 4940  iteatapi - ok
15:54:16.0861 4940  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
15:54:16.0892 4940  iteraid - ok
15:54:16.0908 4940  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:54:16.0923 4940  kbdclass - ok
15:54:16.0986 4940  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:54:17.0064 4940  kbdhid - ok
15:54:17.0110 4940  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
15:54:17.0157 4940  KeyIso - ok
15:54:17.0282 4940  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:54:17.0360 4940  KSecDD - ok
15:54:17.0469 4940  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:54:17.0594 4940  KtmRm - ok
15:54:17.0688 4940  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:54:17.0766 4940  LanmanServer - ok
15:54:17.0812 4940  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:54:17.0859 4940  LanmanWorkstation - ok
15:54:17.0922 4940  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:54:17.0968 4940  lltdio - ok
15:54:18.0015 4940  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:54:18.0093 4940  lltdsvc - ok
15:54:18.0140 4940  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:54:18.0187 4940  lmhosts - ok
15:54:18.0234 4940  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:54:18.0249 4940  LSI_FC - ok
15:54:18.0296 4940  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
15:54:18.0312 4940  LSI_SAS - ok
15:54:18.0405 4940  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:54:18.0421 4940  LSI_SCSI - ok
15:54:18.0436 4940  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
15:54:18.0483 4940  luafv - ok
15:54:18.0546 4940  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
15:54:18.0608 4940  Mcx2Svc - ok
15:54:18.0639 4940  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:54:18.0655 4940  mdmxsdk - ok
15:54:18.0702 4940  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
15:54:18.0717 4940  megasas - ok
15:54:18.0733 4940  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:54:18.0764 4940  MegaSR - ok
15:54:18.0795 4940  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
15:54:18.0873 4940  MMCSS - ok
15:54:18.0936 4940  MobilityService - ok
15:54:18.0967 4940  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
15:54:19.0029 4940  Modem - ok
15:54:19.0045 4940  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:54:19.0092 4940  monitor - ok
15:54:19.0107 4940  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:54:19.0123 4940  mouclass - ok
15:54:19.0154 4940  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:54:19.0201 4940  mouhid - ok
15:54:19.0232 4940  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:54:19.0279 4940  MountMgr - ok
15:54:19.0357 4940  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:54:19.0372 4940  MozillaMaintenance - ok
15:54:19.0419 4940  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:54:19.0435 4940  mpio - ok
15:54:19.0466 4940  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:54:19.0497 4940  mpsdrv - ok
15:54:19.0606 4940  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:54:19.0669 4940  MpsSvc - ok
15:54:19.0747 4940  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:54:19.0762 4940  Mraid35x - ok
15:54:19.0794 4940  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:54:19.0825 4940  MRxDAV - ok
15:54:19.0918 4940  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:54:20.0012 4940  mrxsmb - ok
15:54:20.0106 4940  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:54:20.0121 4940  mrxsmb10 - ok
15:54:20.0199 4940  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:54:20.0277 4940  mrxsmb20 - ok
15:54:20.0308 4940  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
15:54:20.0324 4940  msahci - ok
15:54:20.0340 4940  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
15:54:20.0355 4940  msdsm - ok
15:54:20.0386 4940  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
15:54:20.0418 4940  MSDTC - ok
15:54:20.0464 4940  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:54:20.0527 4940  Msfs - ok
15:54:20.0558 4940  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:54:20.0574 4940  msisadrv - ok
15:54:20.0605 4940  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:54:20.0698 4940  MSiSCSI - ok
15:54:20.0714 4940  msiserver - ok
15:54:20.0730 4940  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:54:20.0761 4940  MSKSSRV - ok
15:54:20.0761 4940  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:54:20.0792 4940  MSPCLOCK - ok
15:54:20.0808 4940  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:54:20.0854 4940  MSPQM - ok
15:54:20.0932 4940  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:54:20.0948 4940  MsRPC - ok
15:54:21.0026 4940  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:54:21.0026 4940  mssmbios - ok
15:54:21.0135 4940  MSSQL$SQLEXPRESS - ok
15:54:21.0198 4940  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:54:21.0213 4940  MSSQLServerADHelper100 - ok
15:54:21.0244 4940  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:54:21.0276 4940  MSTEE - ok
15:54:21.0307 4940  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
15:54:21.0322 4940  Mup - ok
15:54:21.0385 4940  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
15:54:21.0432 4940  napagent - ok
15:54:21.0494 4940  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:54:21.0510 4940  NativeWifiP - ok
15:54:21.0572 4940  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:54:21.0603 4940  NDIS - ok
15:54:21.0634 4940  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:54:21.0666 4940  NdisTapi - ok
15:54:21.0697 4940  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:54:21.0744 4940  Ndisuio - ok
15:54:21.0790 4940  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:54:21.0822 4940  NdisWan - ok
15:54:21.0837 4940  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:54:21.0853 4940  NDProxy - ok
15:54:21.0868 4940  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:54:21.0900 4940  NetBIOS - ok
15:54:21.0946 4940  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
15:54:21.0993 4940  netbt - ok
15:54:22.0009 4940  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:54:22.0024 4940  Netlogon - ok
15:54:22.0056 4940  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:54:22.0102 4940  Netman - ok
15:54:22.0165 4940  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0274 4940  NetMsmqActivator - ok
15:54:22.0290 4940  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0305 4940  NetPipeActivator - ok
15:54:22.0321 4940  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:54:22.0368 4940  netprofm - ok
15:54:22.0368 4940  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0383 4940  NetTcpActivator - ok
15:54:22.0399 4940  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:54:22.0414 4940  NetTcpPortSharing - ok
15:54:22.0446 4940  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
15:54:22.0461 4940  nfrd960 - ok
15:54:22.0492 4940  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:54:22.0524 4940  NlaSvc - ok
15:54:22.0570 4940  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:54:22.0602 4940  Npfs - ok
15:54:22.0664 4940  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA        C:\Windows\system32\DRIVERS\nscirda.sys
15:54:22.0695 4940  NSCIRDA - ok
15:54:22.0742 4940  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
15:54:22.0820 4940  nsi - ok
15:54:22.0851 4940  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:54:22.0914 4940  nsiproxy - ok
15:54:22.0976 4940  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:54:23.0070 4940  Ntfs - ok
15:54:23.0101 4940  [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:54:23.0116 4940  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
15:54:23.0116 4940  NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
15:54:23.0163 4940  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr        C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:54:23.0179 4940  NTIDrvr - ok
15:54:23.0210 4940  [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:54:23.0226 4940  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
15:54:23.0226 4940  NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
15:54:23.0257 4940  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
15:54:23.0304 4940  ntrigdigi - ok
15:54:23.0335 4940  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:54:23.0382 4940  Null - ok
15:54:23.0413 4940  [ 85D8845B7B6A434B7CE35723BF0E5C57 ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
15:54:23.0444 4940  nuvotonhidgeneric - ok
15:54:23.0491 4940  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:54:23.0506 4940  nvraid - ok
15:54:23.0553 4940  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:54:23.0569 4940  nvstor - ok
15:54:23.0616 4940  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:54:23.0631 4940  nv_agp - ok
15:54:23.0647 4940  NwlnkFlt - ok
15:54:23.0647 4940  NwlnkFwd - ok
15:54:23.0772 4940  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:54:23.0803 4940  odserv - ok
15:54:23.0834 4940  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:54:23.0881 4940  ohci1394 - ok
15:54:23.0912 4940  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:23.0928 4940  ose - ok
15:54:24.0052 4940  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:54:24.0130 4940  p2pimsvc - ok
15:54:24.0146 4940  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:54:24.0177 4940  p2psvc - ok
15:54:24.0224 4940  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
15:54:24.0286 4940  Parport - ok
15:54:24.0333 4940  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:54:24.0349 4940  partmgr - ok
15:54:24.0380 4940  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:54:24.0442 4940  Parvdm - ok
15:54:24.0489 4940  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:54:24.0536 4940  PcaSvc - ok
15:54:24.0583 4940  [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:54:24.0630 4940  pccsmcfd - ok
15:54:24.0645 4940  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
15:54:24.0661 4940  pci - ok
15:54:24.0723 4940  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
15:54:24.0739 4940  pciide - ok
15:54:24.0817 4940  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:54:24.0832 4940  pcmcia - ok
15:54:24.0895 4940  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:54:24.0988 4940  PEAUTH - ok
15:54:25.0082 4940  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
15:54:25.0238 4940  pla - ok
15:54:25.0300 4940  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:54:25.0378 4940  PlugPlay - ok
15:54:25.0425 4940  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
15:54:25.0456 4940  PNRPAutoReg - ok
15:54:25.0519 4940  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
15:54:25.0550 4940  PNRPsvc - ok
15:54:25.0628 4940  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:54:25.0690 4940  PolicyAgent - ok
15:54:25.0753 4940  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:54:25.0800 4940  PptpMiniport - ok
15:54:25.0831 4940  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:54:25.0862 4940  Processor - ok
15:54:25.0924 4940  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
15:54:25.0956 4940  ProfSvc - ok
15:54:25.0987 4940  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:54:26.0002 4940  ProtectedStorage - ok
15:54:26.0034 4940  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:54:26.0065 4940  PSched - ok
15:54:26.0080 4940  [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter      C:\Windows\system32\DRIVERS\psdfilter.sys
15:54:26.0096 4940  PSDFilter - ok
15:54:26.0143 4940  [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
15:54:26.0158 4940  PSDNServ - ok
15:54:26.0221 4940  [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
15:54:26.0236 4940  psdvdisk - ok
15:54:26.0314 4940  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:54:26.0408 4940  ql2300 - ok
15:54:26.0470 4940  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:54:26.0486 4940  ql40xx - ok
15:54:26.0533 4940  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
15:54:26.0564 4940  QWAVE - ok
15:54:26.0595 4940  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:54:26.0611 4940  QWAVEdrv - ok
15:54:26.0658 4940  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:54:26.0704 4940  RasAcd - ok
15:54:26.0736 4940  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
15:54:26.0767 4940  RasAuto - ok
15:54:26.0814 4940  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:54:26.0845 4940  Rasl2tp - ok
15:54:26.0876 4940  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
15:54:26.0938 4940  RasMan - ok
15:54:26.0970 4940  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:54:27.0001 4940  RasPppoe - ok
15:54:27.0032 4940  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:54:27.0048 4940  RasSstp - ok
15:54:27.0110 4940  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:54:27.0141 4940  rdbss - ok
15:54:27.0204 4940  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:54:27.0235 4940  RDPCDD - ok
15:54:27.0282 4940  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
15:54:27.0328 4940  rdpdr - ok
15:54:27.0360 4940  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:54:27.0406 4940  RDPENCDD - ok
15:54:27.0438 4940  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:54:27.0484 4940  RDPWD - ok
15:54:27.0531 4940  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:54:27.0562 4940  RemoteAccess - ok
15:54:27.0594 4940  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:54:27.0609 4940  RemoteRegistry - ok
15:54:27.0656 4940  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:54:27.0672 4940  RpcLocator - ok
15:54:27.0718 4940  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
15:54:27.0765 4940  RpcSs - ok
15:54:27.0843 4940  [ 6A7360E36CBD636972AEEF0DD292A946 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
15:54:27.0874 4940  RsFx0105 - ok
15:54:27.0906 4940  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:54:27.0952 4940  rspndr - ok
15:54:28.0030 4940  [ D3B4872DE758EFA9E0740694C4461421 ] RT25USBAP      C:\Windows\system32\DRIVERS\rt25usbap.sys
15:54:28.0077 4940  RT25USBAP ( UnsignedFile.Multi.Generic ) - warning
15:54:28.0077 4940  RT25USBAP - detected UnsignedFile.Multi.Generic (1)
15:54:28.0108 4940  [ 065A51298212455584F1811B033B617E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
15:54:28.0124 4940  RTHDMIAzAudService - ok
15:54:28.0155 4940  [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
15:54:28.0186 4940  RTSTOR - ok
15:54:28.0202 4940  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
15:54:28.0218 4940  SamSs - ok
15:54:28.0249 4940  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:54:28.0264 4940  sbp2port - ok
15:54:28.0327 4940  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:54:28.0342 4940  SCardSvr - ok
15:54:28.0420 4940  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
15:54:28.0498 4940  Schedule - ok
15:54:28.0545 4940  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:54:28.0561 4940  SCPolicySvc - ok
15:54:28.0608 4940  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
15:54:28.0654 4940  sdbus - ok
15:54:28.0701 4940  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:54:28.0732 4940  SDRSVC - ok
15:54:28.0826 4940  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:54:28.0904 4940  secdrv - ok
15:54:28.0935 4940  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
15:54:28.0982 4940  seclogon - ok
15:54:29.0013 4940  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
15:54:29.0060 4940  SENS - ok
15:54:29.0091 4940  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
15:54:29.0169 4940  Serenum - ok
15:54:29.0200 4940  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
15:54:29.0263 4940  Serial - ok
15:54:29.0325 4940  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:54:29.0356 4940  sermouse - ok
15:54:29.0466 4940  [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:54:29.0481 4940  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:54:29.0481 4940  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:54:29.0512 4940  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:54:29.0544 4940  SessionEnv - ok
15:54:29.0590 4940  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:54:29.0622 4940  sffdisk - ok
15:54:29.0668 4940  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:54:29.0715 4940  sffp_mmc - ok
15:54:29.0746 4940  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:54:29.0793 4940  sffp_sd - ok
15:54:29.0809 4940  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
15:54:29.0871 4940  sfloppy - ok
15:54:29.0934 4940  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:54:29.0996 4940  SharedAccess - ok
15:54:30.0043 4940  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:54:30.0090 4940  ShellHWDetection - ok
15:54:30.0152 4940  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:54:30.0168 4940  sisagp - ok
15:54:30.0199 4940  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:54:30.0230 4940  SiSRaid2 - ok
15:54:30.0277 4940  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:54:30.0292 4940  SiSRaid4 - ok
15:54:30.0417 4940  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
15:54:30.0636 4940  slsvc - ok
15:54:30.0698 4940  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:54:30.0729 4940  SLUINotify - ok
15:54:30.0760 4940  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:54:30.0807 4940  Smb - ok
15:54:30.0854 4940  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:54:30.0885 4940  SNMPTRAP - ok
15:54:30.0948 4940  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
15:54:30.0963 4940  spldr - ok
15:54:31.0010 4940  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
15:54:31.0072 4940  Spooler - ok
15:54:31.0104 4940  [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
15:54:31.0197 4940  SQLAgent$SQLEXPRESS - ok
15:54:31.0275 4940  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:54:31.0291 4940  SQLBrowser - ok
15:54:31.0338 4940  [ 135CDCCC167EF0C250125BBD3ABE18D5 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:54:31.0353 4940  SQLWriter - ok
15:54:31.0400 4940  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:54:31.0431 4940  srv - ok
15:54:31.0494 4940  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:54:31.0509 4940  srv2 - ok
15:54:31.0525 4940  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:54:31.0572 4940  srvnet - ok
15:54:31.0650 4940  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:54:31.0712 4940  SSDPSRV - ok
15:54:31.0759 4940  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:54:31.0790 4940  ssmdrv - ok
15:54:31.0837 4940  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
15:54:31.0868 4940  SSPORT ( UnsignedFile.Multi.Generic ) - warning
15:54:31.0868 4940  SSPORT - detected UnsignedFile.Multi.Generic (1)
15:54:31.0884 4940  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:54:31.0915 4940  SstpSvc - ok
15:54:31.0977 4940  [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus        C:\Windows\system32\DRIVERS\ss_bbus.sys
15:54:31.0993 4940  ss_bbus - ok
15:54:32.0040 4940  [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
15:54:32.0071 4940  ss_bmdfl - ok
15:54:32.0102 4940  [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm        C:\Windows\system32\DRIVERS\ss_bmdm.sys
15:54:32.0118 4940  ss_bmdm - ok
15:54:32.0180 4940  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
15:54:32.0258 4940  stisvc - ok
15:54:32.0305 4940  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:54:32.0320 4940  swenum - ok
15:54:32.0352 4940  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
15:54:32.0398 4940  swprv - ok
15:54:32.0430 4940  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
15:54:32.0445 4940  Symc8xx - ok
15:54:32.0508 4940  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:54:32.0523 4940  Sym_hi - ok
15:54:32.0554 4940  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:54:32.0586 4940  Sym_u3 - ok
15:54:32.0632 4940  [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
15:54:32.0664 4940  SynTP - ok
15:54:32.0742 4940  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
15:54:32.0804 4940  SysMain - ok
15:54:32.0866 4940  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:54:32.0898 4940  TabletInputService - ok
15:54:32.0944 4940  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:54:32.0976 4940  TapiSrv - ok
15:54:33.0022 4940  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
15:54:33.0069 4940  TBS - ok
15:54:33.0147 4940  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:54:33.0225 4940  Tcpip - ok
15:54:33.0272 4940  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:54:33.0334 4940  Tcpip6 - ok
15:54:33.0397 4940  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:54:33.0444 4940  tcpipreg - ok
15:54:33.0522 4940  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:54:33.0568 4940  TDPIPE - ok
15:54:33.0615 4940  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:54:33.0646 4940  TDTCP - ok
15:54:33.0709 4940  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:54:33.0756 4940  tdx - ok
15:54:33.0787 4940  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:54:33.0802 4940  TermDD - ok
15:54:33.0849 4940  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
15:54:33.0896 4940  TermService - ok
15:54:33.0943 4940  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
15:54:33.0958 4940  Themes - ok
15:54:33.0990 4940  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
15:54:34.0021 4940  THREADORDER - ok
15:54:34.0083 4940  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
15:54:34.0146 4940  TrkWks - ok
15:54:34.0192 4940  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:54:34.0239 4940  TrustedInstaller - ok
15:54:34.0302 4940  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:54:34.0333 4940  tssecsrv - ok
15:54:34.0364 4940  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
15:54:34.0395 4940  tunmp - ok
15:54:34.0458 4940  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:54:34.0489 4940  tunnel - ok
15:54:34.0520 4940  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:54:34.0536 4940  uagp35 - ok
15:54:34.0598 4940  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:54:34.0629 4940  udfs - ok
15:54:34.0676 4940  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:54:34.0723 4940  UI0Detect - ok
15:54:34.0754 4940  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:54:34.0785 4940  uliagpkx - ok
15:54:34.0832 4940  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
15:54:34.0863 4940  uliahci - ok
15:54:34.0894 4940  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:54:34.0910 4940  UlSata - ok
15:54:34.0957 4940  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
15:54:34.0988 4940  ulsata2 - ok
15:54:35.0019 4940  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
15:54:35.0082 4940  umbus - ok
15:54:35.0113 4940  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
15:54:35.0175 4940  upnphost - ok
15:54:35.0222 4940  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:54:35.0253 4940  usbccgp - ok
15:54:35.0300 4940  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:54:35.0378 4940  usbcir - ok
15:54:35.0409 4940  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
15:54:35.0456 4940  usbehci - ok
15:54:35.0472 4940  [ EDCA5124B54BCF04E5C0538AA397A9C1 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
15:54:35.0487 4940  usbfilter - ok
15:54:35.0503 4940  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:54:35.0550 4940  usbhub - ok
15:54:35.0565 4940  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
15:54:35.0612 4940  usbohci - ok
15:54:35.0643 4940  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:54:35.0768 4940  usbprint - ok
15:54:35.0815 4940  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
15:54:35.0846 4940  usbscan - ok
15:54:35.0893 4940  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:54:35.0924 4940  USBSTOR - ok
15:54:35.0940 4940  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
15:54:35.0971 4940  usbuhci - ok
15:54:36.0002 4940  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:54:36.0049 4940  usbvideo - ok
15:54:36.0080 4940  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
15:54:36.0111 4940  UxSms - ok
15:54:36.0158 4940  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
15:54:36.0267 4940  vds - ok
15:54:36.0314 4940  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:54:36.0345 4940  vga - ok
15:54:36.0376 4940  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:54:36.0408 4940  VgaSave - ok
15:54:36.0423 4940  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:54:36.0454 4940  viaagp - ok
15:54:36.0486 4940  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
15:54:36.0517 4940  ViaC7 - ok
15:54:36.0532 4940  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
15:54:36.0564 4940  viaide - ok
15:54:36.0579 4940  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:54:36.0595 4940  volmgr - ok
15:54:36.0610 4940  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:54:36.0642 4940  volmgrx - ok
15:54:36.0688 4940  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:54:36.0735 4940  volsnap - ok
15:54:36.0751 4940  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
15:54:36.0766 4940  vsmraid - ok
15:54:36.0922 4940  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
15:54:37.0000 4940  VSS - ok
15:54:37.0032 4940  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
15:54:37.0063 4940  W32Time - ok
15:54:37.0110 4940  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:54:37.0172 4940  WacomPen - ok
15:54:37.0219 4940  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:54:37.0250 4940  Wanarp - ok
15:54:37.0266 4940  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:54:37.0297 4940  Wanarpv6 - ok
15:54:37.0328 4940  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:54:37.0375 4940  wcncsvc - ok
15:54:37.0406 4940  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:54:37.0437 4940  WcsPlugInService - ok
15:54:37.0468 4940  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
15:54:37.0484 4940  Wd - ok
15:54:37.0593 4940  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:54:37.0640 4940  Wdf01000 - ok
15:54:37.0656 4940  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:54:37.0702 4940  WdiServiceHost - ok
15:54:37.0702 4940  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:54:37.0734 4940  WdiSystemHost - ok
15:54:37.0765 4940  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
15:54:37.0796 4940  WebClient - ok
15:54:37.0858 4940  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:54:37.0890 4940  Wecsvc - ok
15:54:37.0905 4940  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:54:37.0952 4940  wercplsupport - ok
15:54:38.0046 4940  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:54:38.0061 4940  WerSvc - ok
15:54:38.0108 4940  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:54:38.0155 4940  winachsf - ok
15:54:38.0202 4940  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
15:54:38.0233 4940  WinDefend - ok
15:54:38.0233 4940  WinHttpAutoProxySvc - ok
15:54:38.0326 4940  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:54:38.0358 4940  Winmgmt - ok
15:54:38.0514 4940  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
15:54:38.0623 4940  WinRM - ok
15:54:38.0654 4940  WisINT15 - ok
15:54:38.0685 4940  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:54:38.0763 4940  Wlansvc - ok
15:54:39.0184 4940  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:54:39.0294 4940  wlidsvc - ok
15:54:39.0325 4940  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:54:39.0372 4940  WmiAcpi - ok
15:54:39.0465 4940  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:54:39.0496 4940  wmiApSrv - ok
15:54:39.0574 4940  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
15:54:39.0668 4940  WMPNetworkSvc - ok
15:54:39.0715 4940  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:54:39.0746 4940  WPCSvc - ok
15:54:39.0777 4940  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:54:39.0824 4940  WPDBusEnum - ok
15:54:39.0996 4940  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:54:40.0027 4940  WPFFontCache_v0400 - ok
15:54:40.0074 4940  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:54:40.0198 4940  ws2ifsl - ok
15:54:40.0230 4940  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
15:54:40.0276 4940  wscsvc - ok
15:54:40.0276 4940  WSearch - ok
15:54:40.0354 4940  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:54:40.0573 4940  wuauserv - ok
15:54:40.0635 4940  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:54:40.0682 4940  WUDFRd - ok
15:54:40.0729 4940  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:54:40.0776 4940  wudfsvc - ok
15:54:40.0807 4940  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
15:54:40.0854 4940  XAudio - ok
15:54:40.0900 4940  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService  C:\Windows\system32\DRIVERS\xaudio.exe
15:54:40.0932 4940  XAudioService - ok
15:54:40.0994 4940  ================ Scan global ===============================
15:54:41.0025 4940  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:54:41.0150 4940  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:54:41.0166 4940  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:54:41.0197 4940  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:54:41.0197 4940  [Global] - ok
15:54:41.0197 4940  ================ Scan MBR ==================================
15:54:41.0212 4940  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
15:54:42.0164 4940  \Device\Harddisk0\DR0 - ok
15:54:42.0164 4940  ================ Scan VBR ==================================
15:54:42.0242 4940  [ A1E9374F3F2236F7198C6BD25EAC37C4 ] \Device\Harddisk0\DR0\Partition1
15:54:42.0273 4940  \Device\Harddisk0\DR0\Partition1 - ok
15:54:42.0289 4940  [ 231CF1B62882BBEC4C9F3CBF5E196A84 ] \Device\Harddisk0\DR0\Partition2
15:54:42.0289 4940  \Device\Harddisk0\DR0\Partition2 - ok
15:54:42.0304 4940  ============================================================
15:54:42.0304 4940  Scan finished
15:54:42.0304 4940  ============================================================
15:54:42.0320 3276  Detected object count: 10
15:54:42.0320 3276  Actual detected object count: 10
15:55:44.0767 3276  ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276  ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0767 3276  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0767 3276  CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276  CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0767 3276  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0767 3276  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276  RT25USBAP ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276  RT25USBAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:44.0782 3276  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:44.0782 3276  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 31.08.2012 16:01
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Markus__ 05.09.2012 17:56
Willkommen zurück!


Combofix Logfile:
Code:
ComboFix 12-09-05.02 - *** 05.09.2012  18:32:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2429.1566 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\win.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-05 bis 2012-09-05  ))))))))))))))))))))))))))))))
.
.
2012-09-05 16:39 . 2012-09-05 16:40        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-09-05 16:39 . 2012-09-05 16:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-04 16:47 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9529D618-C7B1-4F3F-AD7D-8D3445736AAF}\mpengine.dll
2012-08-21 16:22 . 2012-08-21 16:22        --------        d-----w-        C:\_OTL
2012-08-16 14:25 . 2012-08-16 14:25        --------        d-----w-        c:\program files\ESET
2012-08-15 07:32 . 2012-07-04 14:02        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 07:27 . 2012-05-11 15:57        623616        ----a-w-        c:\windows\system32\localspl.dll
2012-08-12 17:59 . 2012-08-12 17:59        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-08-12 17:59 . 2012-08-12 17:59        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-12 17:59 . 2012-08-12 17:59        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-12 17:59 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 08:05 . 2011-10-17 07:06        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-08-13 08:05 . 2011-10-17 07:06        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-14 18:57 . 2011-07-03 08:44        589824        ----a-w-        C:\SP_Connector.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="c:\users\***\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe" [2010-01-03 26248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Wisdom-soft AutoScreenRecorder 3.1 Free"=0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"eRecoveryService"=
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02        114688        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 09:31]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 09:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0210&m=aspire_8530
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gq3qzdgk.Standard-Benutzer\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-05 18:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1343389753-3152364277-592017090-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,52,0a,c4,dd,72,29,7a,16,f9,c2,23,34,9d,ad,86,84,e0,d2,5e,94,
  22,c6,1c,46,d9,74,58,3a,e1,f8,91,16,46,85,e7,e4,fc,ed,02,08,7e,7d,8b,04,c2,\
"rkeysecu"=hex:f8,08,89,66,63,a0,77,bb,47,90,1a,bc,c9,b4,ed,c2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5328)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-09-05  18:42:08
ComboFix-quarantined-files.txt  2012-09-05 16:42
.
Vor Suchlauf: 18 Verzeichnis(se), 80.825.286.656 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 80.730.226.688 Bytes frei
.
- - End Of File - - 136596FA959CE1A66CA02FA66753C1FC
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131