Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Kann nicht auf Desktop zugreifen! (https://www.trojaner-board.de/129935-desktop-zugreifen.html)

Chris2 22.01.2013 18:36
Kann nicht auf Desktop zugreifen!
 
Hallo,
vielleicht kann mir ja einer bei meinem Problem helfen wäre echt super.

Vor einigen Tage hab ich im Internet gesurft, plötzlich fährt der Pc runter. Ich hab ihn neu gestartet und mich angemeldet. Dann sehe ich kurz alle Desktop Symbole, sie verschwinden wieder und kurz darauf ist der Bildschirm weiß. Auf den Taskmanager kann ich zugreifen mehr leider nicht. Wenn ich den Pc dann wieder runterfahre sehe ich kurz wieder alle Desktopn Symbole. Habe schon versucht im abgesicherten Modus zu starten aber geht nicht, Pc wird von alleine neu gestartet.

Habe keine Ahnung was das Problem ist und was ich tun soll.

Danke vorab für die Hilfe

Mfg Chris

markusg 22.01.2013 18:38
hi,
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.


Lade OTLpe Download OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD


Bebilderte Anleitung: OTLpe-Scan
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Chris2 22.01.2013 18:44
Danke für deine schnelle hilfe. werde mich morgen darum kümmern. Komme heute leider nicht mehr an einen anderen Pc

markusg 22.01.2013 18:45
lasse solche zwischenposts weg, und mach einfach wenn du Zeit hast

Chris2 23.01.2013 20:45
hallo
habe alles gemacht wie du es beschrieben hattest, doch beim Scanforgang kam dann die Meldung Out of Memory. Hab es mehrmals probiert aber es kam immer diese Meldung.
Vielleicht kannst du mir weiterhelfen.
Danke

markusg 24.01.2013 12:40
hi
versuchs mal ohne das Script von oben

Chris2 24.01.2013 17:58
OTL Logfile:
Code:
OTL logfile created on: 1/24/2013 5:45:02 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.50 Gb Total Space | 42.85 Gb Free Space | 35.86% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 297.76 Gb Free Space | 49.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/08 13:28:04 | 000,036,160 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008/05/01 20:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/04/25 06:30:26 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 04:39:29 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/13 04:09:23 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 07:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/07 10:04:46 | 000,676,936 | ---- | M] () [Auto] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 10:04:46 | 000,399,432 | ---- | M] () [Auto] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/22 08:46:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/06/11 09:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 09:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/08 13:33:34 | 002,028,864 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 13:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/09/19 09:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Disabled] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011/03/29 12:04:15 | 000,075,136 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/03 11:07:48 | 000,246,520 | ---- | M] () [Disabled] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] () [Auto] -- D:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/15 02:54:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service)
SRV - [2008/01/25 11:49:04 | 000,269,448 | ---- | M] (CyberLink) [Disabled] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/07 10:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/21 13:20:24 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/28 17:28:38 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\N360x64\0604000.009\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/03/28 17:28:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/28 17:06:26 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/15 04:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/15 06:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/06/25 10:31:23 | 000,314,016 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/25 10:31:23 | 000,043,680 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/07 09:41:46 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/02/28 21:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/28 21:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/12/14 03:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64l.sys -- (SkLaggProtocol)
DRV:64bit: - [2007/12/06 03:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/11/25 22:16:32 | 000,086,016 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007/11/23 03:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x64v.sys -- (SkVlanProtocol)
DRV:64bit: - [2007/08/20 05:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/06/19 03:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007/06/19 03:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV:64bit: - [2007/06/19 03:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/06/19 03:50:54 | 000,121,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV:64bit: - [2007/06/19 03:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV:64bit: - [2007/06/19 03:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007/06/19 03:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV:64bit: - [2006/11/02 02:48:50 | 000,326,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ati2mpad.sys -- (ati2mpad)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2013/01/19 09:35:49 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\ex64.sys -- (NAVEX15)
DRV - [2013/01/19 09:35:49 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\eng64.sys -- (NAVENG)
DRV - [2012/12/14 12:06:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 03:50:46 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/03/16 03:18:35 | 000,241,848 | ---- | M] () [Kernel | On_Demand] -- C:\Users\Chris\AppData\Roaming\TZAC\tizek64.sys -- (tizekdrv)
DRV - [2010/10/07 11:08:48 | 000,022,584 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/08/19 14:08:04 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/06/18 07:54:58 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/04/25 06:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2007/09/07 08:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007/06/29 02:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Chris\Desktop
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com [binary data]
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Chris_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Chris_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Chris_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Web Player\npdivx32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/23 10:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2013/01/22 12:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 04:09:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/13 04:09:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 04:09:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/13 04:09:18 | 000,000,000 | ---D | M]
 
[2008/11/26 12:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/12/12 11:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions
[2010/12/24 02:11:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/07 10:03:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/05/16 10:25:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\engine@conduit.com
[2011/05/14 01:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\nostmp
[2012/01/14 09:32:42 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\toolbar@ask.com
[2012/11/15 11:30:59 | 000,002,539 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\aol-search.xml
[2013/01/12 09:30:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-1.xml
[2010/04/03 00:02:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-10.xml
[2010/06/27 14:30:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-11.xml
[2010/07/02 04:19:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-12.xml
[2010/07/22 12:37:38 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-13.xml
[2010/07/26 14:28:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-14.xml
[2010/09/12 11:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-15.xml
[2010/09/17 13:18:58 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-16.xml
[2010/10/24 02:33:33 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-17.xml
[2010/10/29 11:32:56 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-18.xml
[2010/12/13 12:40:20 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-19.xml
[2009/07/23 14:13:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-2.xml
[2010/12/24 03:00:04 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-20.xml
[2011/03/21 11:11:06 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-21.xml
[2011/04/21 13:45:22 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-22.xml
[2011/05/14 01:34:46 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-23.xml
[2009/08/04 16:01:49 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-3.xml
[2009/09/11 16:18:56 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-4.xml
[2009/10/30 14:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-5.xml
[2009/12/17 11:12:26 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-6.xml
[2010/01/06 11:39:41 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-7.xml
[2010/01/06 14:21:07 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-8.xml
[2010/03/24 13:03:08 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-9.xml
[2008/07/10 07:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin.xml
[2009/03/02 12:23:26 | 000,001,632 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\live-search.xml
[2012/02/13 13:10:00 | 000,002,448 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\safesearch.xml
[2009/09/04 09:52:21 | 000,001,196 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\winamp-search.xml
[2013/01/13 04:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/13 04:09:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
File not found (No name found) --
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XG1MPTBR.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2013/01/13 04:09:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/11 10:39:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/14 14:11:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/11 10:39:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/11 10:39:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/11 10:39:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/11 10:39:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/09/10 03:05:42 | 000,444,168 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1        100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 15258 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\Chris_ON_C\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKU\Chris_ON_C..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\Chris_ON_C..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - HKU\Chris_ON_C..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\Chris_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Chris_ON_C\..Trusted Domains: fritz.box ([]* in Local intranet)
O15:64bit: - Chris_ON_C\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Chris_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Chris_ON_C Winlogon: Shell - (C:\Users\Chris\AppData\Roaming\skype.dat) - C:\Users\Chris\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O27:64bit: - HKLM IFEO\erecoveryui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\javaw.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\javaws.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ntunecmd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nvprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\erecoveryui.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\googleupdater.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\javaw.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\javaws.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\ntunecmd.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\nvprofile.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{46fd72bc-9a8d-11dd-b948-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46fd72bc-9a8d-11dd-b948-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/13 04:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/10 11:45:49 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/10 11:45:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll
[2013/01/10 11:45:35 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/22 12:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/22 12:21:10 | 000,000,004 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\skype.ini
[2013/01/22 12:20:44 | 000,000,138 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/01/22 12:20:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 12:20:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013/01/22 12:19:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:19:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:14:34 | 000,670,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/22 12:14:34 | 000,631,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/22 12:14:34 | 000,143,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/22 12:14:34 | 000,118,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/22 11:41:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 03:25:37 | 000,002,032 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/01/12 10:37:30 | 000,093,184 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/12 10:03:45 | 000,246,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/12 08:46:09 | 001,538,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013/01/19 09:57:54 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.ini
[2012/09/10 10:49:38 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2012/09/10 10:14:14 | 000,003,072 | ---- | C] () -- C:\Users\Chris\AppData\Local\file__0.localstorage
[2012/09/10 02:39:30 | 000,000,732 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2012/01/11 11:51:44 | 000,063,488 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.dat
[2011/10/25 10:28:09 | 001,538,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/18 16:49:51 | 000,001,940 | ---- | C] () -- C:\Users\Chris\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/10 07:24:10 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/04/10 07:24:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BXD2140.DAT
[2010/04/10 07:03:57 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2010/04/10 07:03:44 | 000,000,037 | ---- | C] () -- C:\Windows\SysWow64\bd2140.dat
[2010/04/10 04:27:19 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/04/10 04:27:19 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/04/10 04:27:11 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/04/10 04:24:47 | 000,000,138 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/12/29 14:04:16 | 000,000,271 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/29 12:46:21 | 000,022,584 | ---- | C] () -- C:\Windows\SysWow64\drivers\PnkBstrK.sys
[2009/10/29 12:25:53 | 000,268,952 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/29 12:25:52 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/09/19 11:04:40 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/09/17 10:32:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 10:32:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/17 10:32:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/19 17:29:43 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini
[2008/11/28 09:44:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008/11/27 12:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Infob.dat
[2008/11/27 12:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Infoa.dat
[2008/11/27 12:26:53 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\treeinfo.dat
[2008/11/27 12:26:27 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2008/11/27 12:14:45 | 000,093,184 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/26 13:44:32 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/11/26 12:06:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/26 11:39:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/11/26 11:13:49 | 000,002,032 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2008/10/15 03:02:27 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/10/15 03:02:27 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/04/30 12:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/04/30 12:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/04/30 11:48:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010/12/26 03:59:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe Limited
[2012/07/06 11:13:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon
[2012/12/18 12:37:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/07/14 13:43:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CPUControl
[2012/02/03 01:47:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2012/01/15 11:22:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/10/25 10:04:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2012/10/03 10:06:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2012/07/05 12:58:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2008/12/24 11:06:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2013/01/03 02:55:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HLSW
[2012/04/13 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ
[2008/11/28 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ Toolbar
[2009/10/02 13:49:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Inkscape
[2012/10/27 04:52:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mumble
[2009/01/25 07:46:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012/12/18 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PhotoScape
[2011/04/01 11:58:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SLAnticheat
[2009/01/31 12:03:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2008/12/13 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Teleca
[2011/03/05 09:15:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
[2010/01/25 13:54:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2010/12/06 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2012/03/16 03:27:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TZAC
[2009/06/25 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/01/25 13:59:11 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/12/26 03:59:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/04/30 12:02:29 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/10/25 06:26:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Futuremark
[2010/01/27 15:28:50 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/01/25 11:38:58 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/12/24 03:35:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/06/25 10:42:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/12/10 16:59:34 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/11/03 12:28:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2008/11/26 11:08:37 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/12/18 15:33:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2009/05/28 15:39:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/06/14 11:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2009/11/30 11:34:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/22 12:21:20 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

markusg 24.01.2013 21:28
hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKU\Chris_ON_C Winlogon: Shell - (C:\Users\Chris\AppData\Roaming\skype.dat) - C:\Users\Chris\AppData\Roaming\skype.dat ()
[2013/01/22 12:21:10 | 000,000,004 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\skype.ini
:Files
C:\Users\Chris\AppData\Roaming\skype.dat
:Commands
[EMPTYFLASH]
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

Chris2 25.01.2013 16:30
alles klappt soweit, bis ich ein zweites mal den fix button drücken will programm hängt sich auf es reagiert nicht mehr. cpu läuft auf volllast

markusg 25.01.2013 16:38
dann tippe den fix per hand ein

Chris2 25.01.2013 16:43
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\Chris_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Chris\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Chris\AppData\Roaming\skype.dat moved successfully.
C:\Users\Chris\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
File\Folder C:\Users\Chris\AppData\Roaming\skype.dat not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Chris

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Chris

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 01252013_164122

markusg 25.01.2013 16:46
im normalen Modus internet verbindung herstellen, dann:
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Chris2 25.01.2013 17:00
16:55:42.0989 0516 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:55:43.0219 0516 ============================================================
16:55:43.0219 0516 Current date / time: 2013/01/25 16:55:43.0219
16:55:43.0219 0516 SystemInfo:
16:55:43.0219 0516
16:55:43.0219 0516 OS Version: 6.0.6002 ServicePack: 2.0
16:55:43.0219 0516 Product type: Workstation
16:55:43.0219 0516 ComputerName: CHRIS-PC
16:55:43.0219 0516 UserName: Chris
16:55:43.0219 0516 Windows directory: C:\Windows
16:55:43.0219 0516 System windows directory: C:\Windows
16:55:43.0219 0516 Running under WOW64
16:55:43.0219 0516 Processor architecture: Intel x64
16:55:43.0219 0516 Number of processors: 4
16:55:43.0219 0516 Page size: 0x1000
16:55:43.0219 0516 Boot type: Normal boot
16:55:43.0219 0516 ============================================================
16:55:43.0655 0516 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x60F1A, SectorsPerTrack: 0x3, TracksPerCylinder: 0xF6, Type 'K0', Flags 0x00000040
16:55:43.0660 0516 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:43.0665 0516 Drive \Device\Harddisk2\DR2 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:55:43.0686 0516 Drive \Device\Harddisk7\DR7 - Size: 0x3ECFFC00 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:55:43.0689 0516 ============================================================
16:55:43.0689 0516 \Device\Harddisk0\DR0:
16:55:43.0689 0516 MBR partitions:
16:55:43.0689 0516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0xEEFD800
16:55:43.0689 0516 \Device\Harddisk1\DR1:
16:55:43.0689 0516 MBR partitions:
16:55:43.0689 0516 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
16:55:43.0689 0516 \Device\Harddisk2\DR2:
16:55:43.0689 0516 MBR partitions:
16:55:43.0690 0516 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
16:55:43.0690 0516 \Device\Harddisk7\DR7:
16:55:43.0690 0516 MBR partitions:
16:55:43.0690 0516 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F67BE
16:55:43.0690 0516 ============================================================
16:55:43.0710 0516 C: <-> \Device\Harddisk0\DR0\Partition1
16:55:43.0737 0516 D: <-> \Device\Harddisk1\DR1\Partition1
16:55:43.0762 0516 E: <-> \Device\Harddisk2\DR2\Partition1
16:55:43.0762 0516 ============================================================
16:55:43.0762 0516 Initialize success
16:55:43.0762 0516 ============================================================
16:55:59.0422 2180 ============================================================
16:55:59.0422 2180 Scan started
16:55:59.0422 2180 Mode: Manual; SigCheck; TDLFS;
16:55:59.0422 2180 ============================================================
16:55:59.0853 2180 ================ Scan system memory ========================
16:55:59.0853 2180 System memory - ok
16:55:59.0853 2180 ================ Scan services =============================
16:55:59.0934 2180 [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
16:56:00.0013 2180 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning
16:56:00.0013 2180 Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1)
16:56:00.0174 2180 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:56:00.0196 2180 ACPI - ok
16:56:00.0218 2180 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:56:00.0267 2180 adp94xx - ok
16:56:00.0291 2180 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:56:00.0311 2180 adpahci - ok
16:56:00.0330 2180 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:56:00.0344 2180 adpu160m - ok
16:56:00.0358 2180 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:56:00.0373 2180 adpu320 - ok
16:56:00.0383 2180 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:56:00.0459 2180 AeLookupSvc - ok
16:56:00.0477 2180 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
16:56:00.0510 2180 AFD - ok
16:56:00.0526 2180 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:56:00.0544 2180 agp440 - ok
16:56:00.0569 2180 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:56:00.0581 2180 aic78xx - ok
16:56:00.0594 2180 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
16:56:00.0686 2180 ALG - ok
16:56:00.0706 2180 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
16:56:00.0727 2180 aliide - ok
16:56:00.0740 2180 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
16:56:00.0751 2180 amdide - ok
16:56:00.0760 2180 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:56:00.0794 2180 AmdK8 - ok
16:56:00.0809 2180 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
16:56:00.0837 2180 Appinfo - ok
16:56:00.0902 2180 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:56:00.0913 2180 Apple Mobile Device - ok
16:56:00.0938 2180 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
16:56:00.0952 2180 arc - ok
16:56:00.0962 2180 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:56:00.0974 2180 arcsas - ok
16:56:01.0032 2180 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:56:01.0043 2180 aspnet_state - ok
16:56:01.0057 2180 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:01.0088 2180 AsyncMac - ok
16:56:01.0100 2180 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
16:56:01.0112 2180 atapi - ok
16:56:01.0132 2180 [ A9FA2A0FBA4295FB5A70FDF15F83339C ] ati2mpad C:\Windows\system32\DRIVERS\ati2mpad.sys
16:56:01.0241 2180 ati2mpad - ok
16:56:01.0269 2180 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
16:56:01.0425 2180 atksgt - ok
16:56:01.0451 2180 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:01.0479 2180 AudioEndpointBuilder - ok
16:56:01.0485 2180 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:56:01.0510 2180 AudioSrv - ok
16:56:01.0549 2180 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:56:01.0562 2180 BBSvc - ok
16:56:01.0583 2180 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:56:01.0597 2180 BBUpdate - ok
16:56:01.0621 2180 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
16:56:01.0648 2180 BFE - ok
16:56:01.0758 2180 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
16:56:01.0802 2180 BHDrvx64 - ok
16:56:01.0838 2180 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
16:56:01.0895 2180 BITS - ok
16:56:01.0923 2180 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:56:01.0956 2180 blbdrive - ok
16:56:02.0000 2180 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:56:02.0018 2180 Bonjour Service - ok
16:56:02.0046 2180 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:56:02.0067 2180 bowser - ok
16:56:02.0074 2180 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:56:02.0102 2180 BrFiltLo - ok
16:56:02.0109 2180 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:56:02.0132 2180 BrFiltUp - ok
16:56:02.0145 2180 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
16:56:02.0181 2180 Browser - ok
16:56:02.0201 2180 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
16:56:02.0248 2180 Brserid - ok
16:56:02.0268 2180 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:56:02.0310 2180 BrSerWdm - ok
16:56:02.0323 2180 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:56:02.0372 2180 BrUsbMdm - ok
16:56:02.0392 2180 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:56:02.0438 2180 BrUsbSer - ok
16:56:02.0451 2180 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:56:02.0502 2180 BTHMODEM - ok
16:56:02.0548 2180 [ 610AB863245F18E21D90F15DA4ED1953 ] BUNAgentSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
16:56:02.0557 2180 BUNAgentSvc - ok
16:56:02.0615 2180 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
16:56:02.0629 2180 ccSet_N360 - ok
16:56:02.0659 2180 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:56:02.0688 2180 cdfs - ok
16:56:02.0711 2180 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:56:02.0735 2180 cdrom - ok
16:56:02.0762 2180 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
16:56:02.0785 2180 CertPropSvc - ok
16:56:02.0793 2180 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
16:56:02.0822 2180 circlass - ok
16:56:02.0839 2180 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
16:56:02.0858 2180 CLFS - ok
16:56:02.0885 2180 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:56:02.0897 2180 clr_optimization_v2.0.50727_32 - ok
16:56:02.0926 2180 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:56:02.0938 2180 clr_optimization_v2.0.50727_64 - ok
16:56:02.0979 2180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:56:02.0991 2180 clr_optimization_v4.0.30319_32 - ok
16:56:03.0006 2180 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:56:03.0019 2180 clr_optimization_v4.0.30319_64 - ok
16:56:03.0035 2180 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:56:03.0048 2180 cmdide - ok
16:56:03.0065 2180 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:56:03.0076 2180 Compbatt - ok
16:56:03.0080 2180 COMSysApp - ok
16:56:03.0086 2180 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:56:03.0098 2180 crcdisk - ok
16:56:03.0112 2180 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:56:03.0135 2180 CryptSvc - ok
16:56:03.0172 2180 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
16:56:03.0213 2180 DcomLaunch - ok
16:56:03.0230 2180 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:56:03.0264 2180 DfsC - ok
16:56:03.0320 2180 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
16:56:03.0459 2180 DFSR - ok
16:56:03.0489 2180 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:56:03.0518 2180 Dhcp - ok
16:56:03.0534 2180 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
16:56:03.0548 2180 disk - ok
16:56:03.0575 2180 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:56:03.0602 2180 Dnscache - ok
16:56:03.0627 2180 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
16:56:03.0653 2180 dot3svc - ok
16:56:03.0671 2180 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
16:56:03.0706 2180 DPS - ok
16:56:03.0729 2180 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:56:03.0751 2180 drmkaud - ok
16:56:03.0792 2180 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:56:03.0868 2180 DXGKrnl - ok
16:56:03.0897 2180 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
16:56:03.0932 2180 E1G60 - ok
16:56:03.0946 2180 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
16:56:03.0967 2180 EapHost - ok
16:56:03.0984 2180 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
16:56:03.0998 2180 Ecache - ok
16:56:04.0030 2180 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:56:04.0045 2180 eeCtrl - ok
16:56:04.0085 2180 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:56:04.0122 2180 ehRecvr - ok
16:56:04.0140 2180 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
16:56:04.0159 2180 ehSched - ok
16:56:04.0169 2180 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
16:56:04.0191 2180 ehstart - ok
16:56:04.0215 2180 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:56:04.0234 2180 elxstor - ok
16:56:04.0257 2180 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:56:04.0301 2180 EMDMgmt - ok
16:56:04.0319 2180 [ 12C061D9F9621BE916D58191872EC281 ] ENTECH64 C:\Windows\system32\DRIVERS\ENTECH64.sys
16:56:04.0329 2180 ENTECH64 - ok
16:56:04.0344 2180 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:56:04.0354 2180 EraserUtilRebootDrv - ok
16:56:04.0364 2180 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:56:04.0397 2180 ErrDev - ok
16:56:04.0431 2180 [ 20D3741680AB88269BADCDB161B36705 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
16:56:04.0443 2180 ETService ( UnsignedFile.Multi.Generic ) - warning
16:56:04.0443 2180 ETService - detected UnsignedFile.Multi.Generic (1)
16:56:04.0463 2180 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
16:56:04.0511 2180 EventSystem - ok
16:56:04.0536 2180 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
16:56:04.0578 2180 exfat - ok
16:56:04.0599 2180 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:56:04.0629 2180 fastfat - ok
16:56:04.0640 2180 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:56:04.0668 2180 fdc - ok
16:56:04.0687 2180 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
16:56:04.0721 2180 fdPHost - ok
16:56:04.0738 2180 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
16:56:04.0784 2180 FDResPub - ok
16:56:04.0799 2180 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:56:04.0816 2180 FileInfo - ok
16:56:04.0838 2180 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:56:04.0874 2180 Filetrace - ok
16:56:04.0883 2180 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:56:04.0916 2180 flpydisk - ok
16:56:04.0929 2180 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:56:04.0944 2180 FltMgr - ok
16:56:04.0981 2180 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
16:56:05.0071 2180 FontCache - ok
16:56:05.0106 2180 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:56:05.0116 2180 FontCache3.0.0.0 - ok
16:56:05.0131 2180 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:56:05.0159 2180 Fs_Rec - ok
16:56:05.0187 2180 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:56:05.0200 2180 gagp30kx - ok
16:56:05.0221 2180 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:56:05.0230 2180 GEARAspiWDM - ok
16:56:05.0259 2180 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
16:56:05.0308 2180 gpsvc - ok
16:56:05.0345 2180 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9cf56ff9bde1c C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:56:05.0355 2180 gupdate1c9cf56ff9bde1c - ok
16:56:05.0359 2180 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:56:05.0369 2180 gupdatem - ok
16:56:05.0381 2180 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:56:05.0392 2180 gusvc - ok
16:56:05.0407 2180 [ F8F0851D336C3B88DBD7232B6348E09A ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
16:56:05.0417 2180 hamachi - ok
16:56:05.0447 2180 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:56:05.0500 2180 HdAudAddService - ok
16:56:05.0537 2180 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:56:05.0613 2180 HDAudBus - ok
16:56:05.0629 2180 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:56:05.0670 2180 HidBth - ok
16:56:05.0689 2180 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:56:05.0731 2180 HidIr - ok
16:56:05.0750 2180 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
16:56:05.0770 2180 hidserv - ok
16:56:05.0796 2180 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:56:05.0824 2180 HidUsb - ok
16:56:05.0848 2180 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
16:56:05.0879 2180 hkmsvc - ok
16:56:05.0893 2180 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:56:05.0907 2180 HpCISSs - ok
16:56:05.0929 2180 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:56:05.0971 2180 HTTP - ok
16:56:05.0981 2180 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:56:05.0993 2180 i2omp - ok
16:56:06.0001 2180 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:56:06.0022 2180 i8042prt - ok
16:56:06.0037 2180 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:56:06.0053 2180 iaStorV - ok
16:56:06.0083 2180 [ 848EDEBB3C1D6FEC50E09EDA95C21E84 ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
16:56:06.0096 2180 ICQ Service - ok
16:56:06.0136 2180 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:56:06.0174 2180 idsvc - ok
16:56:06.0233 2180 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20130118.001\IDSvia64.sys
16:56:06.0248 2180 IDSVia64 - ok
16:56:06.0271 2180 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:56:06.0282 2180 iirsp - ok
16:56:06.0303 2180 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
16:56:06.0330 2180 IKEEXT - ok
16:56:06.0393 2180 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
16:56:06.0403 2180 int15 - ok
16:56:06.0453 2180 [ F93149CE3E6A866C5F42878BCFF34B6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:56:06.0490 2180 IntcAzAudAddService - ok
16:56:06.0498 2180 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
16:56:06.0509 2180 intelide - ok
16:56:06.0523 2180 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:56:06.0559 2180 intelppm - ok
16:56:06.0582 2180 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:56:06.0615 2180 IPBusEnum - ok
16:56:06.0632 2180 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:56:06.0662 2180 IpFilterDriver - ok
16:56:06.0687 2180 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:56:06.0716 2180 iphlpsvc - ok
16:56:06.0720 2180 IpInIp - ok
16:56:06.0732 2180 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:56:06.0760 2180 IPMIDRV - ok
16:56:06.0777 2180 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:56:06.0810 2180 IPNAT - ok
16:56:06.0843 2180 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:56:06.0880 2180 iPod Service - ok
16:56:06.0898 2180 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:56:06.0942 2180 IRENUM - ok
16:56:06.0954 2180 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:56:06.0967 2180 isapnp - ok
16:56:06.0989 2180 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:56:07.0003 2180 iScsiPrt - ok
16:56:07.0014 2180 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:56:07.0027 2180 iteatapi - ok
16:56:07.0043 2180 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:56:07.0057 2180 iteraid - ok
16:56:07.0071 2180 [ 3AF672AB77E21FCDC2DC0E10B55BEF4F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
16:56:07.0093 2180 JRAID - ok
16:56:07.0107 2180 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:56:07.0119 2180 kbdclass - ok
16:56:07.0138 2180 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:56:07.0167 2180 kbdhid - ok
16:56:07.0183 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
16:56:07.0208 2180 KeyIso - ok
16:56:07.0283 2180 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:56:07.0318 2180 KSecDD - ok
16:56:07.0343 2180 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:56:07.0371 2180 ksthunk - ok
16:56:07.0442 2180 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
16:56:07.0496 2180 KtmRm - ok
16:56:07.0534 2180 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:56:07.0576 2180 LanmanServer - ok
16:56:07.0597 2180 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:56:07.0622 2180 LanmanWorkstation - ok
16:56:07.0680 2180 [ 4D25A79A9F67A7E2D8D5382E75FCB124 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
16:56:07.0692 2180 LBTServ - ok
16:56:07.0738 2180 [ AA3D903C5A7538803F2400A8391F1881 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:56:07.0747 2180 LHidFilt - ok
16:56:07.0847 2180 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:56:07.0861 2180 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:56:07.0861 2180 LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:56:07.0875 2180 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
16:56:07.0885 2180 lirsgt - ok
16:56:07.0900 2180 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:56:07.0933 2180 lltdio - ok
16:56:07.0952 2180 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:56:07.0995 2180 lltdsvc - ok
16:56:08.0010 2180 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:56:08.0047 2180 lmhosts - ok
16:56:08.0055 2180 [ 90B4B2B0B5F05ABB9FB365405A7B825B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:56:08.0064 2180 LMouFilt - ok
16:56:08.0081 2180 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:56:08.0094 2180 LSI_FC - ok
16:56:08.0109 2180 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:56:08.0122 2180 LSI_SAS - ok
16:56:08.0136 2180 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:56:08.0149 2180 LSI_SCSI - ok
16:56:08.0158 2180 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
16:56:08.0187 2180 luafv - ok
16:56:08.0201 2180 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:56:08.0214 2180 MBAMProtector - ok
16:56:08.0267 2180 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:56:08.0310 2180 MBAMScheduler - ok
16:56:08.0339 2180 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService D:\Malwarebytes' Anti-Malware\mbamservice.exe
16:56:08.0370 2180 MBAMService - ok
16:56:08.0401 2180 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:56:08.0421 2180 Mcx2Svc - ok
16:56:08.0432 2180 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
16:56:08.0444 2180 megasas - ok
16:56:08.0461 2180 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:56:08.0490 2180 MegaSR - ok
16:56:08.0508 2180 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
16:56:08.0543 2180 MMCSS - ok
16:56:08.0557 2180 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
16:56:08.0585 2180 Modem - ok
16:56:08.0605 2180 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:56:08.0633 2180 monitor - ok
16:56:08.0669 2180 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:56:08.0680 2180 mouclass - ok
16:56:08.0692 2180 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:56:08.0721 2180 mouhid - ok
16:56:08.0746 2180 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:56:08.0758 2180 MountMgr - ok
16:56:08.0803 2180 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:56:08.0816 2180 MozillaMaintenance - ok
16:56:08.0828 2180 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
16:56:08.0858 2180 mpio - ok
16:56:08.0879 2180 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:56:08.0904 2180 mpsdrv - ok
16:56:08.0930 2180 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
16:56:08.0960 2180 MpsSvc - ok
16:56:08.0970 2180 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:56:08.0982 2180 Mraid35x - ok
16:56:08.0999 2180 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:56:09.0022 2180 MRxDAV - ok
16:56:09.0033 2180 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:56:09.0056 2180 mrxsmb - ok
16:56:09.0070 2180 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:56:09.0092 2180 mrxsmb10 - ok
16:56:09.0097 2180 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:56:09.0110 2180 mrxsmb20 - ok
16:56:09.0120 2180 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
16:56:09.0132 2180 msahci - ok
16:56:09.0140 2180 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:56:09.0153 2180 msdsm - ok
16:56:09.0163 2180 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
16:56:09.0196 2180 MSDTC - ok
16:56:09.0215 2180 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:56:09.0243 2180 Msfs - ok
16:56:09.0255 2180 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:56:09.0266 2180 msisadrv - ok
16:56:09.0297 2180 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:56:09.0336 2180 MSiSCSI - ok
16:56:09.0340 2180 msiserver - ok
16:56:09.0351 2180 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:56:09.0378 2180 MSKSSRV - ok
16:56:09.0399 2180 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:56:09.0426 2180 MSPCLOCK - ok
16:56:09.0437 2180 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:56:09.0468 2180 MSPQM - ok
16:56:09.0490 2180 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:56:09.0506 2180 MsRPC - ok
16:56:09.0523 2180 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:56:09.0534 2180 mssmbios - ok
16:56:09.0556 2180 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:56:09.0583 2180 MSTEE - ok
16:56:09.0591 2180 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
16:56:09.0603 2180 Mup - ok
16:56:09.0638 2180 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
16:56:09.0649 2180 N360 - ok
16:56:09.0672 2180 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
16:56:09.0700 2180 napagent - ok
16:56:09.0716 2180 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:56:09.0737 2180 NativeWifiP - ok
16:56:09.0786 2180 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\ENG64.SYS
16:56:09.0797 2180 NAVENG - ok
16:56:09.0898 2180 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20130118.022\EX64.SYS
16:56:09.0946 2180 NAVEX15 - ok
16:56:09.0980 2180 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:56:10.0018 2180 NDIS - ok
16:56:10.0035 2180 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:56:10.0056 2180 NdisTapi - ok
16:56:10.0083 2180 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:56:10.0110 2180 Ndisuio - ok
16:56:10.0136 2180 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:56:10.0158 2180 NdisWan - ok
16:56:10.0179 2180 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:56:10.0208 2180 NDProxy - ok
16:56:10.0226 2180 Nero BackItUp Scheduler 4.0 - ok
16:56:10.0234 2180 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:56:10.0262 2180 NetBIOS - ok
16:56:10.0278 2180 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:56:10.0308 2180 netbt - ok
16:56:10.0321 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
16:56:10.0334 2180 Netlogon - ok
16:56:10.0365 2180 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
16:56:10.0406 2180 Netman - ok
16:56:10.0443 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0456 2180 NetMsmqActivator - ok
16:56:10.0460 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0470 2180 NetPipeActivator - ok
16:56:10.0486 2180 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
16:56:10.0519 2180 netprofm - ok
16:56:10.0525 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0536 2180 NetTcpActivator - ok
16:56:10.0540 2180 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:56:10.0551 2180 NetTcpPortSharing - ok
16:56:10.0561 2180 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:56:10.0572 2180 nfrd960 - ok
16:56:10.0576 2180 NIS - ok
16:56:10.0586 2180 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
16:56:10.0616 2180 NlaSvc - ok
16:56:10.0622 2180 NPF - ok
16:56:10.0635 2180 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:56:10.0655 2180 Npfs - ok
16:56:10.0662 2180 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
16:56:10.0690 2180 nsi - ok
16:56:10.0704 2180 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:56:10.0734 2180 nsiproxy - ok
16:56:10.0774 2180 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:56:10.0827 2180 Ntfs - ok
16:56:10.0863 2180 [ A8B8EDB4CDB2927CDC127E5BFE85CA7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
16:56:10.0873 2180 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
16:56:10.0873 2180 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
16:56:10.0881 2180 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys
16:56:10.0891 2180 NTIDrvr - ok
16:56:10.0924 2180 [ 50B1521BC145CE9634A5ACD1C10D84F7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
16:56:10.0932 2180 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
16:56:10.0932 2180 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
16:56:11.0001 2180 nTuneService - ok
16:56:11.0015 2180 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
16:56:11.0047 2180 Null - ok
16:56:11.0309 2180 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:56:11.0588 2180 nvlddmkm - ok
16:56:11.0612 2180 [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64 C:\Windows\system32\DRIVERS\nvoclk64.sys
16:56:11.0624 2180 nvoclk64 - ok
16:56:11.0648 2180 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:56:11.0668 2180 nvraid - ok
16:56:11.0683 2180 [ 90731D8A25964715B850A5B8C3DBFD22 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys
16:56:11.0694 2180 nvrd64 - ok
16:56:11.0707 2180 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:56:11.0719 2180 nvstor - ok
16:56:11.0737 2180 [ 39D974FD0937DB87B10E78AE90951FB1 ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys
16:56:11.0747 2180 nvstor64 - ok
16:56:11.0775 2180 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
16:56:11.0804 2180 nvsvc - ok
16:56:11.0834 2180 [ 55F03866A969A50CD1574B0F61ACEC1D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:56:11.0864 2180 nvUpdatusService - ok
16:56:11.0877 2180 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:56:11.0891 2180 nv_agp - ok
16:56:11.0895 2180 NwlnkFlt - ok
16:56:11.0898 2180 NwlnkFwd - ok
16:56:11.0919 2180 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:56:11.0946 2180 ohci1394 - ok
16:56:11.0971 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:56:12.0027 2180 p2pimsvc - ok
16:56:12.0053 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
16:56:12.0093 2180 p2psvc - ok
16:56:12.0119 2180 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:56:12.0153 2180 Parport - ok
16:56:12.0171 2180 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:56:12.0184 2180 partmgr - ok
16:56:12.0213 2180 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
16:56:12.0244 2180 PcaSvc - ok
16:56:12.0257 2180 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
16:56:12.0272 2180 pci - ok
16:56:12.0280 2180 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
16:56:12.0291 2180 pciide - ok
16:56:12.0317 2180 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:56:12.0331 2180 pcmcia - ok
16:56:12.0352 2180 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:56:12.0420 2180 PEAUTH - ok
16:56:12.0474 2180 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:56:12.0506 2180 PerfHost - ok
16:56:12.0570 2180 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
16:56:12.0650 2180 pla - ok
16:56:12.0673 2180 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:56:12.0698 2180 PlugPlay - ok
16:56:12.0701 2180 PnkBstrA - ok
16:56:12.0704 2180 PnkBstrK - ok
16:56:12.0733 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:56:12.0754 2180 PNRPAutoReg - ok
16:56:12.0775 2180 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:56:12.0804 2180 PNRPsvc - ok
16:56:12.0887 2180 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:56:12.0918 2180 PolicyAgent - ok
16:56:12.0935 2180 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:56:12.0961 2180 PptpMiniport - ok
16:56:12.0980 2180 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
16:56:13.0012 2180 Processor - ok
16:56:13.0031 2180 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
16:56:13.0061 2180 ProfSvc - ok
16:56:13.0070 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
16:56:13.0081 2180 ProtectedStorage - ok
16:56:13.0100 2180 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:56:13.0121 2180 PSched - ok
16:56:13.0149 2180 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:56:13.0205 2180 ql2300 - ok
16:56:13.0224 2180 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:56:13.0236 2180 ql40xx - ok
16:56:13.0260 2180 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
16:56:13.0281 2180 QWAVE - ok
16:56:13.0291 2180 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:56:13.0304 2180 QWAVEdrv - ok
16:56:13.0312 2180 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:56:13.0344 2180 RasAcd - ok
16:56:13.0357 2180 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
16:56:13.0390 2180 RasAuto - ok
16:56:13.0400 2180 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:56:13.0422 2180 Rasl2tp - ok
16:56:13.0453 2180 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
16:56:13.0477 2180 RasMan - ok
16:56:13.0487 2180 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:56:13.0515 2180 RasPppoe - ok
16:56:13.0535 2180 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:56:13.0548 2180 RasSstp - ok
16:56:13.0600 2180 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:56:13.0632 2180 rdbss - ok
16:56:13.0651 2180 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:56:13.0678 2180 RDPCDD - ok
16:56:13.0710 2180 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:56:13.0748 2180 rdpdr - ok
16:56:13.0764 2180 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:56:13.0791 2180 RDPENCDD - ok
16:56:13.0816 2180 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:56:13.0850 2180 RDPWD - ok
16:56:13.0871 2180 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:56:13.0899 2180 RemoteAccess - ok
16:56:13.0925 2180 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:56:13.0957 2180 RemoteRegistry - ok
16:56:13.0986 2180 [ C1C132455200AD4704142442C89D0FA4 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
16:56:13.0991 2180 RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:56:13.0992 2180 RichVideo - detected UnsignedFile.Multi.Generic (1)
16:56:14.0015 2180 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
16:56:14.0034 2180 RpcLocator - ok
16:56:14.0063 2180 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
16:56:14.0093 2180 RpcSs - ok
16:56:14.0105 2180 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:56:14.0141 2180 rspndr - ok
16:56:14.0163 2180 [ 81F778D9F3F71F48F498CA1F773D1539 ] s816bus C:\Windows\system32\DRIVERS\s816bus.sys
16:56:14.0174 2180 s816bus - ok
16:56:14.0192 2180 [ 3F4E14192B72A148DD508329E04AFFD4 ] s816mdfl C:\Windows\system32\DRIVERS\s816mdfl.sys
16:56:14.0201 2180 s816mdfl - ok
16:56:14.0216 2180 [ 17A29B53DFD7E9CD8043B7ADADB83F22 ] s816mdm C:\Windows\system32\DRIVERS\s816mdm.sys
16:56:14.0228 2180 s816mdm - ok
16:56:14.0252 2180 [ F9BA1C5DF3854D36EA1F7086FEB97643 ] s816mgmt C:\Windows\system32\DRIVERS\s816mgmt.sys
16:56:14.0262 2180 s816mgmt - ok
16:56:14.0280 2180 [ 0323C1ACCD67844304D69E6BFD93E52D ] s816nd5 C:\Windows\system32\DRIVERS\s816nd5.sys
16:56:14.0299 2180 s816nd5 - ok
16:56:14.0313 2180 [ F8E19BFB8A67407CD54C5FD63F7B3C17 ] s816obex C:\Windows\system32\DRIVERS\s816obex.sys
16:56:14.0324 2180 s816obex - ok
16:56:14.0338 2180 [ B8A998B3A7D6DA10221D479E4DDE5EF7 ] s816unic C:\Windows\system32\DRIVERS\s816unic.sys
16:56:14.0348 2180 s816unic - ok
16:56:14.0360 2180 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
16:56:14.0372 2180 SamSs - ok
16:56:14.0395 2180 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:56:14.0406 2180 sbp2port - ok
16:56:14.0470 2180 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService D:\Spybot - Search & Destroy\SDWinSec.exe
16:56:14.0530 2180 SBSDWSCService - ok
16:56:14.0562 2180 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:56:14.0589 2180 SCardSvr - ok
16:56:14.0640 2180 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
16:56:14.0682 2180 Schedule - ok
16:56:14.0715 2180 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:56:14.0735 2180 SCPolicySvc - ok
16:56:14.0753 2180 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:56:14.0791 2180 SDRSVC - ok
16:56:14.0799 2180 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:56:14.0839 2180 secdrv - ok
16:56:14.0847 2180 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
16:56:14.0875 2180 seclogon - ok
16:56:14.0885 2180 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
16:56:14.0914 2180 SENS - ok
16:56:14.0930 2180 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:56:14.0961 2180 Serenum - ok
16:56:14.0974 2180 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:56:15.0005 2180 Serial - ok
16:56:15.0014 2180 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:56:15.0050 2180 sermouse - ok
16:56:15.0077 2180 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
16:56:15.0114 2180 SessionEnv - ok
16:56:15.0126 2180 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:56:15.0161 2180 sffdisk - ok
16:56:15.0183 2180 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:56:15.0216 2180 sffp_mmc - ok
16:56:15.0228 2180 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:56:15.0257 2180 sffp_sd - ok
16:56:15.0266 2180 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:56:15.0314 2180 sfloppy - ok
16:56:15.0335 2180 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:56:15.0371 2180 SharedAccess - ok
16:56:15.0403 2180 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:56:15.0423 2180 ShellHWDetection - ok
16:56:15.0433 2180 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:56:15.0445 2180 SiSRaid2 - ok
16:56:15.0454 2180 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:56:15.0466 2180 SiSRaid4 - ok
16:56:15.0489 2180 [ 8C84B7756B1B269C4E302CC09EDC8DCE ] SkLaggProtocol C:\Windows\system32\DRIVERS\yk60x64l.sys
16:56:15.0518 2180 SkLaggProtocol - ok
16:56:15.0536 2180 [ 5BC4ED412A202E4E1EF6A5877625D5D6 ] SkVlanProtocol C:\Windows\system32\DRIVERS\yk60x64v.sys
16:56:15.0556 2180 SkVlanProtocol - ok
16:56:15.0621 2180 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
16:56:15.0732 2180 slsvc - ok
16:56:15.0749 2180 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:56:15.0771 2180 SLUINotify - ok
16:56:15.0782 2180 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:56:15.0811 2180 Smb - ok
16:56:15.0829 2180 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:56:15.0847 2180 SNMPTRAP - ok
16:56:15.0880 2180 [ 152F92DAE4E2294667DE38378F2F7A50 ] Sound Blaster MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe
16:56:15.0890 2180 Sound Blaster MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:56:15.0890 2180 Sound Blaster MB Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:56:15.0901 2180 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
16:56:15.0913 2180 spldr - ok
16:56:15.0940 2180 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
16:56:15.0966 2180 Spooler - ok
16:56:16.0011 2180 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
16:56:16.0031 2180 SRTSP - ok
16:56:16.0044 2180 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
16:56:16.0052 2180 SRTSPX - ok
16:56:16.0072 2180 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
16:56:16.0103 2180 srv - ok
16:56:16.0128 2180 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:56:16.0171 2180 srv2 - ok
16:56:16.0182 2180 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:56:16.0200 2180 srvnet - ok
16:56:16.0225 2180 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:56:16.0261 2180 SSDPSRV - ok
16:56:16.0274 2180 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:56:16.0300 2180 SstpSvc - ok
16:56:16.0318 2180 Steam Client Service - ok
16:56:16.0339 2180 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:56:16.0354 2180 Stereo Service - ok
16:56:16.0396 2180 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
16:56:16.0434 2180 stisvc - ok
16:56:16.0453 2180 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:56:16.0463 2180 swenum - ok
16:56:16.0541 2180 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
16:56:16.0571 2180 swprv - ok
16:56:16.0587 2180 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:56:16.0598 2180 Symc8xx - ok
16:56:16.0623 2180 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
16:56:16.0640 2180 SymDS - ok
16:56:16.0678 2180 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
16:56:16.0730 2180 SymEFA - ok
16:56:16.0765 2180 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:56:16.0776 2180 SymEvent - ok
16:56:16.0803 2180 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
16:56:16.0813 2180 SymIRON - ok
16:56:16.0833 2180 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0604000.009\SYMTDIV.SYS
16:56:16.0851 2180 SYMTDIv - ok
16:56:16.0875 2180 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:56:16.0886 2180 Sym_hi - ok
16:56:16.0894 2180 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:56:16.0905 2180 Sym_u3 - ok
16:56:16.0930 2180 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
16:56:16.0998 2180 SysMain - ok
16:56:17.0015 2180 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:56:17.0031 2180 TabletInputService - ok
16:56:17.0049 2180 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:56:17.0077 2180 TapiSrv - ok
16:56:17.0096 2180 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
16:56:17.0124 2180 TBS - ok
16:56:17.0179 2180 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:56:17.0233 2180 Tcpip - ok
16:56:17.0268 2180 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:56:17.0304 2180 Tcpip6 - ok
16:56:17.0325 2180 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:56:17.0341 2180 tcpipreg - ok
16:56:17.0358 2180 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:56:17.0393 2180 TDPIPE - ok
16:56:17.0403 2180 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:56:17.0431 2180 TDTCP - ok
16:56:17.0453 2180 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:56:17.0475 2180 tdx - ok
16:56:17.0484 2180 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:56:17.0496 2180 TermDD - ok
16:56:17.0535 2180 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
16:56:17.0575 2180 TermService - ok
16:56:17.0588 2180 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
16:56:17.0603 2180 Themes - ok
16:56:17.0623 2180 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
16:56:17.0651 2180 THREADORDER - ok
16:56:17.0760 2180 [ A808347708C36D6D90BFF27813FBBAAF ] tizekdrv C:\Users\Chris\AppData\Roaming\TZAC\tizek64.sys
16:56:17.0776 2180 tizekdrv - ok
16:56:17.0797 2180 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
16:56:17.0830 2180 TrkWks - ok
16:56:17.0852 2180 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:56:17.0880 2180 TrustedInstaller - ok
16:56:17.0900 2180 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:56:17.0927 2180 tssecsrv - ok
16:56:17.0980 2180 [ 286809293BC5AE5D6A1A381B53C72D1A ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
16:56:18.0024 2180 TuneUp.UtilitiesSvc - ok
16:56:18.0042 2180 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
16:56:18.0053 2180 TuneUpUtilitiesDrv - ok
16:56:18.0066 2180 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:56:18.0084 2180 tunmp - ok
16:56:18.0098 2180 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:56:18.0110 2180 tunnel - ok
16:56:18.0126 2180 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:56:18.0139 2180 uagp35 - ok
16:56:18.0147 2180 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
16:56:18.0156 2180 UBHelper - ok
16:56:18.0179 2180 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:56:18.0204 2180 udfs - ok
16:56:18.0220 2180 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:56:18.0248 2180 UI0Detect - ok
16:56:18.0258 2180 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:56:18.0270 2180 uliagpkx - ok
16:56:18.0291 2180 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:56:18.0307 2180 uliahci - ok
16:56:18.0320 2180 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:56:18.0335 2180 UlSata - ok
16:56:18.0349 2180 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:56:18.0363 2180 ulsata2 - ok
16:56:18.0375 2180 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:56:18.0402 2180 umbus - ok
16:56:18.0419 2180 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
16:56:18.0473 2180 upnphost - ok
16:56:18.0497 2180 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:56:18.0516 2180 USBAAPL64 - ok
16:56:18.0543 2180 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:18.0569 2180 usbccgp - ok
16:56:18.0586 2180 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:56:18.0643 2180 usbcir - ok
16:56:18.0657 2180 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:56:18.0678 2180 usbehci - ok
16:56:18.0697 2180 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:56:18.0727 2180 usbhub - ok
16:56:18.0737 2180 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:56:18.0776 2180 usbohci - ok
16:56:18.0797 2180 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:56:18.0824 2180 usbprint - ok
16:56:18.0839 2180 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:18.0864 2180 USBSTOR - ok
16:56:18.0877 2180 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:56:18.0904 2180 usbuhci - ok
16:56:18.0917 2180 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
16:56:18.0939 2180 UxSms - ok
16:56:18.0955 2180 [ 594DF74EC1411592585D8FE8165D0816 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
16:56:18.0965 2180 UxTuneUp - ok
16:56:19.0020 2180 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
16:56:19.0053 2180 vds - ok
16:56:19.0069 2180 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:19.0097 2180 vga - ok
16:56:19.0113 2180 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:56:19.0140 2180 VgaSave - ok
16:56:19.0148 2180 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
16:56:19.0170 2180 viaide - ok
16:56:19.0188 2180 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:56:19.0201 2180 volmgr - ok
16:56:19.0230 2180 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:56:19.0249 2180 volmgrx - ok
16:56:19.0276 2180 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:56:19.0293 2180 volsnap - ok
16:56:19.0307 2180 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:56:19.0321 2180 vsmraid - ok
16:56:19.0358 2180 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
16:56:19.0438 2180 VSS - ok
16:56:19.0469 2180 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
16:56:19.0505 2180 W32Time - ok
16:56:19.0526 2180 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:56:19.0603 2180 WacomPen - ok
16:56:19.0618 2180 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:56:19.0639 2180 Wanarp - ok
16:56:19.0642 2180 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:56:19.0663 2180 Wanarpv6 - ok
16:56:19.0685 2180 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:56:19.0709 2180 wcncsvc - ok
16:56:19.0725 2180 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:56:19.0751 2180 WcsPlugInService - ok
16:56:19.0760 2180 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
16:56:19.0771 2180 Wd - ok
16:56:19.0808 2180 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:56:19.0840 2180 Wdf01000 - ok
16:56:19.0857 2180 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:56:19.0886 2180 WdiServiceHost - ok
16:56:19.0896 2180 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:56:19.0924 2180 WdiSystemHost - ok
16:56:19.0936 2180 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
16:56:19.0955 2180 WebClient - ok
16:56:19.0983 2180 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:56:20.0020 2180 Wecsvc - ok
16:56:20.0034 2180 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:56:20.0055 2180 wercplsupport - ok
16:56:20.0066 2180 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
16:56:20.0088 2180 WerSvc - ok
16:56:20.0101 2180 WinDefend - ok
16:56:20.0106 2180 WinHttpAutoProxySvc - ok
16:56:20.0131 2180 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:56:20.0160 2180 Winmgmt - ok
16:56:20.0207 2180 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
16:56:20.0271 2180 WinRM - ok
16:56:20.0316 2180 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:56:20.0351 2180 Wlansvc - ok
16:56:20.0368 2180 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:56:20.0388 2180 WmiAcpi - ok
16:56:20.0405 2180 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:56:20.0436 2180 wmiApSrv - ok
16:56:20.0444 2180 WMPNetworkSvc - ok
16:56:20.0459 2180 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:56:20.0479 2180 WPCSvc - ok
16:56:20.0505 2180 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:56:20.0540 2180 WPDBusEnum - ok
16:56:20.0571 2180 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:56:20.0583 2180 WpdUsb - ok
16:56:20.0670 2180 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:56:20.0715 2180 WPFFontCache_v0400 - ok
16:56:20.0729 2180 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:56:20.0761 2180 ws2ifsl - ok
16:56:20.0774 2180 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
16:56:20.0795 2180 wscsvc - ok
16:56:20.0798 2180 WSearch - ok
16:56:20.0853 2180 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:56:20.0955 2180 wuauserv - ok
16:56:20.0996 2180 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:56:21.0029 2180 WudfPf - ok
16:56:21.0049 2180 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:21.0067 2180 WUDFRd - ok
16:56:21.0085 2180 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:56:21.0098 2180 wudfsvc - ok
16:56:21.0117 2180 [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
16:56:21.0162 2180 yukonx64 - ok
16:56:21.0193 2180 [ 177590B0D2F8BE513626BB8C8D6E6A08 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl
16:56:21.0202 2180 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
16:56:21.0219 2180 ================ Scan global ===============================
16:56:21.0251 2180 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:56:21.0273 2180 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:56:21.0287 2180 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
16:56:21.0306 2180 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:56:21.0310 2180 [Global] - ok
16:56:21.0311 2180 ================ Scan MBR ==================================
16:56:21.0321 2180 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
16:56:23.0204 2180 \Device\Harddisk0\DR0 - ok
16:56:23.0220 2180 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
16:56:23.0277 2180 \Device\Harddisk1\DR1 - ok
16:56:23.0284 2180 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
16:56:23.0352 2180 \Device\Harddisk2\DR2 - ok
16:56:23.0357 2180 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk7\DR7
16:56:25.0279 2180 \Device\Harddisk7\DR7 - ok
16:56:25.0280 2180 ================ Scan VBR ==================================
16:56:25.0292 2180 [ ADA53843539F8335D503404A1FCE83A1 ] \Device\Harddisk0\DR0\Partition1
16:56:25.0294 2180 \Device\Harddisk0\DR0\Partition1 - ok
16:56:25.0321 2180 [ F1FAD39150FD7D4EAF1AD77037D74A80 ] \Device\Harddisk1\DR1\Partition1
16:56:25.0323 2180 \Device\Harddisk1\DR1\Partition1 - ok
16:56:25.0350 2180 [ D4652CCD7185A3BBC1C3BAED7DDE6310 ] \Device\Harddisk2\DR2\Partition1
16:56:25.0352 2180 \Device\Harddisk2\DR2\Partition1 - ok
16:56:25.0355 2180 [ AD090AF179F3B5504CCFAD225B523169 ] \Device\Harddisk7\DR7\Partition1
16:56:25.0357 2180 \Device\Harddisk7\DR7\Partition1 - ok
16:56:25.0357 2180 ============================================================
16:56:25.0357 2180 Scan finished
16:56:25.0357 2180 ============================================================
16:56:25.0364 3440 Detected object count: 7
16:56:25.0364 3440 Actual detected object count: 7
16:57:00.0887 3440 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0887 3440 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0887 3440 ETService ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0887 3440 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0888 3440 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0888 3440 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0889 3440 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0889 3440 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0890 3440 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0890 3440 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0890 3440 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0890 3440 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:00.0891 3440 Sound Blaster MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:57:00.0891 3440 Sound Blaster MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:57:11.0493 2584 Deinitialize success

markusg 25.01.2013 17:02
hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Chris2 25.01.2013 18:26
Combofix Logfile:
Code:
ComboFix 13-01-24.02 - Chris 25.01.2013  18:05:01.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.8190.5148 [GMT 1:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
D:\install.exe
D:\Unwise32.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-25 bis 2013-01-25  ))))))))))))))))))))))))))))))
.
.
2013-01-25 21:41 . 2013-01-25 21:41        --------        d-----w-        C:\_OTL
2013-01-25 17:13 . 2013-01-25 17:16        --------        d-----w-        c:\users\Chris\AppData\Local\temp
2013-01-10 16:45 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2013-01-10 16:45 . 2012-11-20 04:21        253952        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-10 16:45 . 2012-11-23 01:54        2770432        ----a-w-        c:\windows\system32\win32k.sys
2013-01-10 16:45 . 2012-11-22 04:22        456192        ----a-w-        c:\windows\system32\shlwapi.dll
2013-01-10 16:45 . 2012-11-02 10:47        1869824        ----a-w-        c:\windows\system32\msxml3.dll
2013-01-10 16:45 . 2012-11-02 10:47        1794560        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-10 16:45 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\SysWow64\msxml6.dll
2013-01-10 16:45 . 2012-11-02 10:19        1248768        ----a-w-        c:\windows\SysWow64\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 13:40 . 2006-11-02 12:35        67599240        ----a-w-        c:\windows\system32\mrt.exe
2012-12-16 13:31 . 2012-12-24 07:18        48128        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-24 07:18        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-24 07:18        368128        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-24 07:18        293376        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-11-14 07:06 . 2012-12-14 16:50        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 16:50        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 16:50        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 16:50        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 16:50        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 16:50        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 16:50        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 16:50        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 16:50        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 16:50        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 16:50        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 16:50        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 16:50        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 16:50        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 16:50        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 16:50        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 16:50        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 16:50        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 16:50        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 16:50        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 16:50        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 16:50        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-13 01:45 . 2012-12-12 16:34        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-12 16:34        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-02 10:45 . 2012-12-12 16:34        477696        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-12 16:34        68096        ----a-w-        c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-12 16:34        376320        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-12 16:34        26112        ----a-w-        c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-12 16:34        23040        ----a-w-        c:\windows\SysWow64\dpnsvr.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Steam"="d:\steam\steam.exe" [2012-12-08 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-06-11 3695416]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-26 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\erecoveryui.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\googleupdater.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\javaw.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\javaws.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ntunecmd.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\nvprofile.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"PlayMovie"="c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"iTunesHelper"="d:\itunes\iTunesHelper.exe"
"QuickTime Task"="D:\QTTask.exe" -atboottime
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
.
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-07 17:51]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-07 21:01]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-07 21:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-29 5682688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 374808]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 3040280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://de.intl.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=tb50ffwinamp&tb_uuid=20121115113045352&tb_oid=04-09-2009&tb_mrud=15-11-2012&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 23:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-25  18:24:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-25 17:24
.
Vor Suchlauf: 19 Verzeichnis(se), 45.715.165.184 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 44.904.841.216 Bytes frei
.
- - End Of File - - D314CE4EC408F5344CDADF744DD36E3E
--- --- ---


hi
danke für deine hilfe, hat echt super geklappt.

hätte da noch 3 fragen: mit was war jetzt mein pc befallen? und mit was kann ich mich in zukunft am besten davor schützen?

und was ist mit den ausgeschnittenen objekten bei mir auf dem pc? kann ich die löschen?

danke im vorraus

markusg 28.01.2013 17:50
was sind ausgeschnittene objekte...?
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Chris2 28.01.2013 21:21
damit meine ich Desktop Symbole, Dateien in diversen Ordnern die jetzt plötzlich da sind und sehr blass erscheinen, wie wenn man eine Datei auschneidet.


Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.01.25.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [Administrator]

28.01.2013 19:29:51
mbam-log-2013-01-28 (19-29-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 512882
Laufzeit: 1 Stunde(n), 1 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\01252013_164122\C_Users\Chris\AppData\Roaming\skype.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 28.01.2013 21:41
hi
das sind versteckte dateien und ordner, die vom destkop kannst du löschen, und evtl. desktop.inis in anderen Ordnern.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Chris2 12.02.2013 16:30
Also hier die Liste. Habe nichts dahinter geschrieben weil alle Programme von mir gebraucht werden, außer ein paar Acer Programme. Hab schon unnötiges gelöscht vor einiger Zeit.



Acer Arcade Live Main Page Acer Inc. 14.10.2008 34,5MB 1.1.1331
Acer DV Magician Acer Inc. 14.10.2008 87,2MB 1.5.0920
Acer DVDivine Acer Inc. 14.10.2008 108,3MB 3.2.1705
Acer Empowering Technology Acer Incorporated 14.10.2008 36,6MB 3.0.3008
Acer eRecovery Management Acer Incorporated 14.10.2008 28,0MB 3.0.3013
Acer HomeMedia Acer Inc. 14.10.2008 40,5MB 1.4.1331
Acer HomeMedia Connect Acer Inc. 14.10.2008 36,7MB 1.4.4931
Acer HomeMedia Trial Creator Acer Inc. 14.10.2008 51,5MB 1.4.1331
Acer PlayMovie Acer Inc. 25.11.2008 92,2MB BD 1.5.4218
Acer ScreenSaver Acer Incorporated 14.10.2008 4.01.0422
Acer SlideShow DVD Acer Inc. 14.10.2008 92,7MB 1.5.1109
Acer VideoMagician Acer Inc. 14.10.2008 184,3MB 1.4.1017
Adobe AIR Adobe Systems Incorporated 17.12.2012 44,0MB 3.5.0.880
Adobe Download Assistant Adobe Systems Incorporated 17.12.2012 3,02MB 1.2.3
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 27.09.2010 10.1.85.3
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 14.02.2012 11.1.102.55
ANNO 1404 Ubisoft 24.06.2009 2.953MB 1.00.0000
Apple Application Support Apple Inc. 25.01.2013 65,1MB 2.3.2
Apple Mobile Device Support Apple Inc. 25.01.2013 25,1MB 6.0.1.3
Apple Software Update Apple Inc. 05.09.2011 2,38MB 2.1.3.127
AVM FRITZ!Box Dokumentation AVM Berlin 17.07.2011 3,10MB
AVM FRITZ!Box Druckeranschluss AVM Berlin 17.07.2011
Bing Bar Microsoft Corporation 13.09.2012 0,51MB 7.1.391.0
Bonjour Apple Inc. 27.12.2011 2,01MB 3.0.0.10
Brother HL-2140 Brother 09.04.2010 1,46MB 1.00
Call of Duty: Black Ops II 25.01.2013 14.702MB
Call of Duty: Modern Warfare 2 Infinity Ward 08.12.2012 11.753MB
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 08.12.2012 11.753MB
Call of Duty: Modern Warfare 3 Infinity Ward - Sledgehammer Games 13.12.2012 14.423MB
Call of Duty: Modern Warfare 3 - Multiplayer Infinity Ward - Sledgehammer Games 08.12.2012 14.423MB
CANON iMAGE GATEWAY MyCamera Download Plugin Canon Inc. 05.07.2012 1,18MB 3.1.1.2
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 05.07.2012 44,3MB 1.9.0.9
Canon MOV Decoder Canon Inc. 05.07.2012 4,69MB 1.8.0.7
Canon MOV Encoder Canon Inc. 05.07.2012 2,86MB 1.6.0.1
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 05.07.2012 44,3MB 3.7.0.4
Canon Utilities Digital Photo Professional 3.10 Canon Inc. 05.07.2012 60,0MB 3.10.2.0
Canon Utilities EOS Sample Music Canon Inc. 05.07.2012 30,7MB 1.0.0.204
Canon Utilities EOS Utility Canon Inc. 05.07.2012 46,3MB 2.10.2.0
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX Canon Inc. 05.07.2012 2,12MB 1.0.0.10
Canon Utilities Movie Uploader for YouTube Canon Inc. 05.07.2012 1,11MB 1.2.0.7
Canon Utilities PhotoStitch Canon Inc. 05.07.2012 6,15MB 3.1.22.46
Canon Utilities Picture Style Editor Canon Inc. 05.07.2012 34,0MB 1.9.0.0
Canon Utilities ZoomBrowser EX Canon Inc. 05.07.2012 44,3MB 6.7.0.24
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 05.07.2012 11,6MB 1.5.0.9
CCleaner Piriform 13.12.2011 6,64MB 3.13
CDBurnerXP CDBurnerXP 25.12.2010 9,33MB 4.3.8.2474
CPUID HWMonitor 1.20 11.09.2012 2,43MB
Creative ALchemy (SB MB Edition) 14.10.2008 7,15MB
Creative Sound Blaster MB 14.10.2008 1.0
DivX Codec DivX, Inc. 31.07.2009 0,61MB 6.8.5
DivX Converter DivX, Inc. 31.07.2009 14,4MB 7.1.0
DivX Player DivX, Inc. 31.07.2009 5,39MB 7.2.0
DivX Plus DirectShow Filters DivX, Inc. 31.07.2009 1,07MB
DivX Web Player DivX,Inc. 31.07.2009 1,09MB 1.5.0
Empire: Total War The Creative Assembly 08.12.2012 13.096MB
ET Starter Pro [PND]Tintifax_x 24.10.2009 21,4MB 0.95
FileZilla Client 3.5.3 FileZilla Project 02.10.2012 9,78MB 3.5.3
Foxit Reader 5.1 Foxit Corporation 26.05.2012 33,3MB 5.1.4.104
Free Audio CD to MP3 Converter version 1.3.12.1228 DVDVideoSoft Ltd. 02.02.2012 13,9MB
Free M4a to MP3 Converter 7.0 ManiacTools.com 02.02.2012 3,87MB
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 14.01.2012 5,34MB
GameSpy Arcade 09.12.2012 14,6MB
Google Earth Google 10.11.2011 92,8MB 6.1.0.5001
Google Updater Google Inc. 05.09.2011 3,59MB 2.4.2432.1652
HiJackThis Trend Micro 31.03.2011 0,36MB 1.0.0
HLSW v1.3.1 Timo Stripf 17.01.2009 12,8MB
iCloud Apple Inc. 25.01.2013 81,9MB 2.1.1.3
ICQ Toolbar ICQ 13.06.2009 0,80MB 3.0.0
ICQ7 ICQ 26.01.2010 39,2MB 7.0
iTunes Apple Inc. 25.01.2013 189,1MB 11.0.1.12
Java(TM) 6 Update 29 Sun Microsystems, Inc. 28.11.2008 94,4MB 6.0.290
JMB36X Raid Configurer JMICRON Technology Corp. 29.04.2008 2,27MB 1.00.0000
Logitech GamePanel Software 2.02 Logitech 25.11.2008 13,4MB 2.02.101
Logitech SetPoint Logitech 25.11.2008 20,2MB 4.60
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 24.01.2013 4,44MB 1.70.0.1100
Marvell Network Configuration Utility Marvell 14.10.2008 3,04MB 2.11.5.3
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 18.08.2009 42,1MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.08.2009 42,1MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 189,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 46,5MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 24.10.2011 46,4MB 4.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 24.10.2009 0,60MB 8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 03.01.2010 0,21MB 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.07.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 01.01.2010 0,76MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,76MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 24.05.2009 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.11.2008 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.11.2010 0,57MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 09.09.2012 13,7MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20.11.2012 15,0MB 10.0.40219
mIRC mIRC Co. Ltd. 05.06.2009 2,43MB 6.34
MobileMe Control Panel Apple Inc. 06.04.2012 12,9MB 3.1.8.0
Mozilla Firefox 18.0.1 (x86 de) Mozilla 24.01.2013 50,4MB 18.0.1
Mozilla Maintenance Service Mozilla 24.01.2013 0,20MB 18.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0
Mumble and Murmur Mumble 28.12.2009 38,0MB 1.2.0
Nero Toolbar Ask.com 11.01.2012 2,55MB 1.14.1.0
Nero Toolbar Updater Ask.com 27.12.2011 1.2.0.19709
Norton 360 Symantec Corporation 25.01.2013 118,5MB 20.2.1.22
NTI Backup Now 5 NewTech Infosystems 29.04.2008 27,4MB 5.1.2.103
NTI Media Maker 8 NewTech Infosystems 29.04.2008 179,3MB 8.0.2.6315
NVIDIA 3D Vision Controller-Treiber 306.02 NVIDIA Corporation 11.09.2012 4,05MB 306.02
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 20.11.2012 18,1MB 306.97
NVIDIA Display Control Panel NVIDIA Corporation 11.09.2012 1,25MB 6.14.12.5896
NVIDIA Drivers NVIDIA Corporation 11.09.2012 1.10.62.40
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 20.11.2012 95,8MB 306.97
NVIDIA Performance NVIDIA Corporation 11.09.2012 16,2MB 6.5
NVIDIA PhysX-Systemsoftware 9.12.0604 NVIDIA Corporation 11.09.2012 79,0MB 9.12.0604
NVIDIA System Monitor NVIDIA Corporation 11.09.2012 21,2MB 6.5
NVIDIA Update 1.10.8 NVIDIA Corporation 11.09.2012 1,01MB 1.10.8
OpenOffice.org 3.0 OpenOffice.org 24.01.2009 333MB 3.0.9358
PartyPoker PartyGaming 04.09.2009 11,4MB 136
PC Wizard 2012.2.1 CPUID 09.09.2012 6,70MB
PhotoScape 09.05.2009 19,8MB
PunkBuster Services Even Balance, Inc. 28.10.2009 0.986
QuickTime Apple Inc. 25.01.2013 73,2MB 7.73.80.64
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29.04.2008 15,7MB 6.0.1.5559
Speccy Piriform 10.09.2012 14,4MB 1.17
Spybot - Search & Destroy Safer Networking Limited 20.04.2011 38,6MB 1.6.2
Steam Valve Corporation 08.12.2012 35,5MB 1.0.0.0
Stronghold Firefly Studios 08.12.2012 769MB
Stronghold 3 Firefly Studios 22.12.2012 3.820MB
TeamSpeak 2 RC2 Dominating Bytes Design 25.11.2008 2.0.32.60
TeamSpeak 3 Client TeamSpeak Systems GmbH 01.01.2010 20,9MB
Tom Clancy's Splinter Cell Conviction Ubisoft 02.11.2010 6.934MB 1.04.000
TuneUp Utilities 2011 TuneUp Software 10.09.2012 77,3MB 10.0.4500.49
TZAC ANTICHEAT Tomislav Zubcic 15.03.2012 0,66MB 1.0
Ubisoft Game Launcher UBISOFT 02.11.2010 3,54MB 1.0.0.0
VLC media player 1.1.9 VideoLAN 21.05.2011 20,4MB 1.1.9
Windows Live Anmelde-Assistent Microsoft Corporation 01.03.2009 1,93MB 5.000.818.5
Windows Live-Uploadtool Microsoft Corporation 01.03.2009 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 24.01.2009 0,29MB 1.0.0.8

markusg 13.02.2013 12:28
Hi
ändert nichts daran, das veraltete Software vorhanden ist.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
deinstaliere
HiJackThis : wird nicht mehr entwickelt, funktioniert nicht unter neuen Systemen und Zeigt fehlerhaft an, weg damit.
ICQ Toolbar : Sicherheitsrisiko, verlangsamt den Browser!
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Nero Toolbar : beide
Spybot : bringt nichts, kann weg.
TuneUp : kann dem PC schaden, bringt keine Vorteile, weg mit solchem Unsinn.

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Neustarten, testen, wie PC + Programme wie Browser laufen

Chris2 14.02.2013 08:45
AdwCleaner Logfile:
Code:
# AdwCleaner v2.112 - Datei am 14/02/2013 um 08:36:07 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Chris - CHRIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chris\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\searchplugins\safesearch.xml
Gelöscht mit Neustart : C:\Program Files (x86)\ICQ6Toolbar
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\Conduit
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\ConduitCommon
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\ConduitEngine
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\CT2269050
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\extensions\engine@conduit.com
Gelöscht mit Neustart : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\SweetIMToolbarData

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\prefs.js

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xg1mptbr.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "14-2-2013");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Feb 11 2013 13:35:50 GMT+0100");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Fri Jul 02 2010 11:19:37 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "2-7-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Fri Jul 02 2010 11:19:37 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Feb 14 2013 08:05:28 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Jul 02 2010 11:19:37 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 17:54:45 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 18:42:05 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 20:29:55 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Wed Nov 07 2012 15:57:20 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Thu Feb 14 2013 08:05:28 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Jul 02 2010 11:19:37 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Thu Feb 14 2013 08:05:26 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Feb 14 2013 08:05:27 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Thu Feb 14 2013 08:05:26 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1360815052");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jul 02 2010 11:19:36 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1277823092");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN99983857642317741");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 0);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Fri Jul 02 2010 11:19:37 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Feb 14 2013 08:05:28 GMT+0100");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/GetHost[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"585[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 16 2011 17:28:51 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Aug 07 2011 11:19:25 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Aug 09 2011 08:49:42 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{18c72981-978f-4864-8e9b-a1a9da7a59af}");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 02 2010 11:19:37 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "b2507967-7ecf-4665-bd68-ed78147adbe1");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Aug 07 2011 10:54:05 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/16/2011 18");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Mon May 16 2011 17:28:52 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Aug 09 2011 08:49:43 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Aug 09 2011 08:49:43 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Aug 09 2011 08:49:43 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN21594182571085307");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Aug 09 2011 08:49:43 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Aug 09 2011 08:49:43 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("aol_toolbar.surf.date", "8");
Gelöscht : user_pref("aol_toolbar.surf.lastDate", "16");
Gelöscht : user_pref("aol_toolbar.surf.lastMonth", "10");
Gelöscht : user_pref("aol_toolbar.surf.lastYear", "2012");
Gelöscht : user_pref("aol_toolbar.surf.month", "11");
Gelöscht : user_pref("aol_toolbar.surf.prevMonth", "0");
Gelöscht : user_pref("aol_toolbar.surf.total", "12");
Gelöscht : user_pref("aol_toolbar.surf.week", "11");
Gelöscht : user_pref("aol_toolbar.surf.year", "11");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Gelöscht : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_i[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{5EC4C4DE-FAF6-11DE-960A-0021851F8BC1}");
Gelöscht : user_pref("sweetim.toolbar.version", "1.0.0.9");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [19702 octets] - [14/02/2013 08:36:07]

########## EOF - C:\AdwCleaner[S1].txt - [19763 octets] ##########
--- --- ---

markusg 14.02.2013 10:43
hi
als letzter Test:
HitmanPro - Download - Filepony
lade Hitmanpro, Doppelklicken, lizenz, testlizenz
Auf Scan, nichts löschen, auf weiter, Log als XML exportieren und hier posten, oder packen und anhängen

Chris2 17.02.2013 12:37
Code:
HitmanPro 3.7.2.188
www.hitmanpro.com

  Computer name . . . . : CHRIS-PC
  Windows . . . . . . . : 6.0.2.6002.X64/4
  User name . . . . . . : Chris-PC\Chris
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-02-17 12:34:16
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 44s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 7

  Objects scanned . . . : 3.812.506
  Files scanned . . . . : 15.770
  Remnants scanned  . . : 359.730 files / 3.437.006 keys

Suspicious files ____________________________________________________________

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\dll\wc002131.dll
      Size . . . . . . . : 846.852 bytes
      Age  . . . . . . . : 1500.9 days (2009-01-08 14:20:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DE3029FBE88DFBE1F13CDDF46F6005E15309D1AF9C3B8D3EA8F23F2E3AD7A4EC
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\dll\wc002186.dll
      Size . . . . . . . : 890.455 bytes
      Age  . . . . . . . : 1327.7 days (2009-06-30 19:58:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 238663052C5C99387A0CCF25EE340B233E274D7A656B60F8CEF90E68A24B5EC4
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\dll\wc002190.dll
      Size . . . . . . . : 893.875 bytes
      Age  . . . . . . . : 1326.7 days (2009-07-01 19:05:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C579367D34D577171AF891269BA3881D0A381DC77C47B10A231A0CD160AC6C2D
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\dll\wc002254.dll
      Size . . . . . . . : 961.798 bytes
      Age  . . . . . . . : 690.8 days (2011-03-29 18:04:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AC46384133D9411B88E263BE1D6D0A15EF7B2EB1CBC47ABAB1733DEB8F158026
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\pbcl.dll
      Size . . . . . . . : 961.798 bytes
      Age  . . . . . . . : 259.1 days (2012-06-03 10:15:09)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AC46384133D9411B88E263BE1D6D0A15EF7B2EB1CBC47ABAB1733DEB8F158026
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\pbclold.dll
      Size . . . . . . . : 961.798 bytes
      Age  . . . . . . . : 1543.7 days (2008-11-26 18:46:31)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AC46384133D9411B88E263BE1D6D0A15EF7B2EB1CBC47ABAB1733DEB8F158026
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Chris\AppData\Local\PunkBuster\ET\pb\PnkBstrK.sys
      Size . . . . . . . : 137.176 bytes
      Age  . . . . . . . : 1543.7 days (2008-11-26 20:14:47)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E56C38E22B5904C9BE86AB73A7521899355DA09B33CD95204C4C0E40C800F950
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

markusg 17.02.2013 16:08
War das das ganze Log? kannst du es mal packen und anhängen?

Chris2 05.03.2013 18:16
ja das war das ganze log.

markusg 05.03.2013 18:19
Ok

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Chris2 19.04.2013 18:13
hier die Extra.txtOTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.04.2013 18:54:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,61% Memory free
16,18 Gb Paging File | 14,19 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,50 Gb Total Space | 35,53 Gb Free Space | 29,74% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 466,36 Gb Free Space | 78,23% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 297,71 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = E8 AF 66 04 00 3A CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B781B9A-9726-4140-8592-453FA963E7CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{2CD6566F-F28E-4C5B-8893-7F4A8E0473B2}" = rport=138 | protocol=17 | dir=out | app=system |
"{45A210B4-B4A4-45C6-B73A-57D665B2A074}" = lport=445 | protocol=6 | dir=in | app=system |
"{60A9084B-47CF-4808-8C18-524BE2DEDE21}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B094483-1FFA-42DA-A4B8-389BE2BE01B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D5D2B94-9EB5-4EA3-9C36-8A4ED3DC656C}" = lport=137 | protocol=17 | dir=in | app=system |
"{99991DC4-415F-4D84-9B4B-EE62DD3EB4D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B76C4B72-0D79-4BDC-AD20-4D743E0413B3}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3F40F83-70BC-40F3-A964-40A0555CC9E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FD0D59E0-432A-46D7-B576-E813ED731AE1}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DC7CC5-665A-450F-BBB2-102F74067C10}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{0630D2C0-B945-4517-BA4E-F656A7173E69}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{06F70A8D-E906-4956-A6EF-0B1F0E90573E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{121A0C7F-316A-401F-9605-1C4C0C450E27}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{124EE5A6-924B-46FB-91B4-5367C1EC4400}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{127D4149-F89C-4D19-AEF9-894F3AC36EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{22D9DDFC-4A7D-44B0-9915-FEFF8402469E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2BBB5C33-15E1-4BFB-8394-67263CF71D34}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe |
"{2BCC1D58-2386-49A0-B24A-4F42D0C9F2CD}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{32F32974-C925-4498-A961-894FD99776A1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{3D5A9DBF-8A74-4875-A37C-46A93C8E89C3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4283EA1D-DAB2-46B9-BD33-075778C596A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{47921E9F-C927-4C25-A989-158EFB32459D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{53E3CFC7-82E7-4A25-85C2-ACC3884410EF}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{5DA13343-405A-4EEE-824E-A8822EAEE02A}" = protocol=17 | dir=in | app=d:\splinter cell conviction\src\system\conviction_game.exe |
"{682644CC-5087-4A98-8D8B-DA7F652F6EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{69B3CEFE-9431-4E39-8180-5027900DB5D3}" = protocol=6 | dir=in | app=d:\splinter cell conviction\src\system\conviction_game.exe |
"{758E63F0-455D-4342-935A-348086C6EDA7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78E40100-94A1-4792-8294-51194E531DB1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8113778C-828A-4B49-9CB7-C801294BE59D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{85ED011E-611E-4E9B-A07A-4A879B8304C0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{867FB5B4-E04D-41BE-ABBD-BD0F67D5B194}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{87296A24-7EA6-4B5D-A748-5AE363B1CD2D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{8792D2AA-D742-470D-8034-DF3D58CC9DA5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{87BB0BC8-44A6-498B-AB35-8215D068E210}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{8C11BBF9-817A-43D8-8C46-2402D458620B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{90C89B2E-45F7-43E1-A19B-1D2BA3C734AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90D4A467-9739-4997-89B2-312C72CDD0A0}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{984C1274-5F61-411E-BA8C-BCF6AC9CE519}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{98EF386F-F745-4E2E-A27F-004D2CDEB6DD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{999641DB-316C-4E44-9483-BAF8595A4515}" = protocol=6 | dir=in | app=d:\splinter cell conviction\src\system\gu.exe |
"{9C5D1021-39DF-4540-8125-1E41EB6223AA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{9EED971B-1F97-4F16-8FC1-2B088D1C2866}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{A218AB84-EF0C-4B64-B481-34F52A1B1DF2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{A2CFC459-D444-4902-AC6B-8484D0D24742}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{A45132FB-C845-4F59-9347-304084DF1ED4}" = protocol=17 | dir=in | app=d:\splinter cell conviction\src\system\gu.exe |
"{A74AC252-1D5F-4E26-80FB-66BBADDA84C0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe |
"{A9E983A0-0845-4481-881D-EB4531E32067}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{AE50672B-D24F-4F77-90D9-BCB90C5B56E4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{AE9111C3-2046-4F57-B97C-2E86D10CD89E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{AF381F63-DFC6-487C-A136-AA0BE9A4722D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B24FAA38-98EE-4264-A372-03E1C7B0AA91}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{B4CB7B43-A390-4AC8-A4F6-9B5832AC6D9D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{BD43AADD-17F1-41CF-8E83-CF3B164F64B0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C59A4E06-2A08-46F5-BA94-A5954AF29B56}" = dir=in | app=d:\itunes\itunes.exe |
"{C82FE470-073C-4B01-A0EF-F7C8E1B03024}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D3AABF3B-9170-44D8-8C3E-8531FA15CAF3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{DD9E94DF-9A88-4AA5-AF89-6CF473476A95}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
"{DDD5B91A-4EC1-4626-A93B-D7F7F3F8FAD2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe |
"{E355EBA4-A649-497D-9956-4BDB89608E77}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3842D89-B70B-47CB-AE5A-7C23406C1C8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8169185-DB84-49F4-B85E-389C209134B6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA74FFED-A187-45BC-B1CD-CC22F3B79014}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\stronghold\stronghold.exe |
"{EB1B8DAB-D042-4306-AB6C-238C5589CE36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F05D8520-813C-4CDB-A426-01840FBEF813}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\stronghold\stronghold.exe |
"{F2613ECA-7CD7-4D0D-B713-E0A15A5CF79A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F6B390DD-03DE-44CE-A61E-507F40656BA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0309609-E415-42C8-8C61-2483EBA338E9}" = Sony Ericsson PC Suite x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.20
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Speccy" = Speccy
"SPIRIT 2009.00 DLL-Reg_is1" = SPIRIT 2009.00 DLL-Reg
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{666524AE-8EFB-4992-ABE5-C52A62C92407}" = ET Starter Pro
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8AA0CE-345C-4695-8BF8-598F1E9E0703}" = Brother HL-2140
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy SB MB" = Creative ALchemy (SB MB Edition)
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Google Updater
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HLSW_is1" = HLSW v1.3.1
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"mIRC" = mIRC
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyPoker" = PartyPoker
"PC Wizard 2012_is1" = PC Wizard 2012.2.1
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PunkBusterSvc" = PunkBuster Services
"SPIRIT 2009.00 Bauteile_is1" = SPIRIT 2009.00 Bauteile
"SPIRIT 2009.00 Daten_is1" = SPIRIT 2009.00
"SPIRIT 2009.00 Hilfe_is1" = SPIRIT 2009.00 Hilfe
"SPIRIT 2009.00 Setup Basis_is1" = SPIRIT 2009.00 Basis
"SPIRIT 2009.00 Symbole_is1" = SPIRIT 2009.00 Symbole
"SPIRIT 2009.00_is1" = SPIRIT 2009.00
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 40950" = Stronghold
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 47400" = Stronghold 3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TZAC ANTICHEAT" = TZAC ANTICHEAT
"VLC media player" = VLC media player 1.1.9
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.12.2010 12:46:43 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 01.12.2010 13:00:13 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 01.12.2010 13:00:13 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 01.12.2010 13:00:18 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.12.2010 12:14:03 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.12.2010 12:14:03 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.12.2010 12:15:13 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.12.2010 12:28:08 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.12.2010 12:28:08 | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.12.2010 12:28:15 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 14.04.2013 13:02:29 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.04.2013 13:02:29 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.04.2013 13:02:29 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.04.2013 13:02:29 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.04.2013 13:02:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 15.04.2013 12:28:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.04.2013 12:28:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.04.2013 12:28:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.04.2013 12:28:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 15.04.2013 12:28:35 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =
 
[ TuneUp Events ]
Error - 05.06.2009 16:35:25 | Computer Name = Chris-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 05.06.2009 16:41:00 | Computer Name = Chris-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 05.06.2009 16:43:15 | Computer Name = Chris-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 05.06.2009 16:54:46 | Computer Name = Chris-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 07.06.2009 13:32:05 | Computer Name = Chris-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
Error - 21.06.2009 11:53:34 | Computer Name = Chris-PC | Source = TuneUp Program Statistics | ID = 131840
Description =
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 15.04.2013 18:54:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Chris\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,61% Memory free
16,18 Gb Paging File | 14,19 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,50 Gb Total Space | 35,53 Gb Free Space | 29,74% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 466,36 Gb Free Space | 78,23% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 297,71 Gb Free Space | 49,94% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.15 18:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccsvchst.exe
PRC - [2011.03.29 19:04:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 18:29:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 21:24:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2011.09.19 16:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2011.03.29 19:04:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.15 09:54:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service)
SRV - [2008.05.02 03:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.04.25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.01.31 05:18:18 | 000,455,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013.01.26 11:25:45 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009.06.25 17:31:23 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.06.25 17:31:23 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.06.07 16:41:46 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.01.30 11:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008.01.30 11:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007.12.14 10:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol)
DRV:64bit: - [2007.12.06 10:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007.11.26 05:16:32 | 000,086,016 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007.11.23 10:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol)
DRV:64bit: - [2007.08.20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2007.06.19 10:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007.06.19 10:50:54 | 000,129,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816unic.sys -- (s816unic)
DRV:64bit: - [2007.06.19 10:50:54 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mgmt.sys -- (s816mgmt)
DRV:64bit: - [2007.06.19 10:50:54 | 000,121,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816obex.sys -- (s816obex)
DRV:64bit: - [2007.06.19 10:50:54 | 000,030,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816nd5.sys -- (s816nd5)
DRV:64bit: - [2007.06.19 10:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007.06.19 10:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816bus.sys -- (s816bus)
DRV:64bit: - [2006.12.13 19:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aksdf.sys -- (aksdf)
DRV:64bit: - [2006.12.04 11:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2006.11.02 09:48:50 | 000,326,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ati2mpad.sys -- (ati2mpad)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.01.25 02:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130415.003\ex64.sys -- (NAVEX15)
DRV - [2013.01.25 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.01.25 02:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130415.003\eng64.sys -- (NAVENG)
DRV - [2013.01.24 17:29:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130412.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.12.14 19:06:25 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.03.16 10:18:35 | 000,241,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Chris\AppData\Roaming\TZAC\tizek64.sys -- (tizekdrv)
DRV - [2010.10.07 18:08:48 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008.06.18 14:54:58 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.25 13:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\Festplatte F\Neuer Ordner\neuer ordner\Neuer Ordner
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\ [2013.04.15 18:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\ [2013.01.26 11:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 18:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 18:29:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 18:29:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 18:29:29 | 000,000,000 | ---D | M]
 
[2008.11.26 19:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2013.02.14 09:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\xg1mptbr.default\extensions
[2010.12.24 09:11:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\xg1mptbr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.14 08:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\xg1mptbr.default\extensions\nostmp
[2012.12.12 18:28:15 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 09:19:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.14 08:34:12 | 000,499,731 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.xpi
[2012.11.15 18:30:59 | 000,002,539 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\aol-search.xml
[2013.04.09 19:44:17 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-10.xml
[2010.06.27 21:30:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-11.xml
[2010.07.02 11:19:35 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-12.xml
[2010.07.22 19:37:38 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-13.xml
[2010.07.26 21:28:07 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-14.xml
[2010.09.12 18:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-15.xml
[2010.09.17 20:18:58 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-16.xml
[2010.10.24 09:33:33 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-17.xml
[2010.10.29 18:32:56 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-18.xml
[2010.12.13 19:40:20 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-19.xml
[2010.12.24 10:00:04 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-20.xml
[2011.03.21 18:11:06 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-21.xml
[2011.04.21 20:45:22 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-22.xml
[2011.05.14 08:34:46 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-23.xml
[2009.09.11 23:18:56 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-4.xml
[2009.10.30 21:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-5.xml
[2009.12.17 18:12:26 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-6.xml
[2010.01.06 18:39:41 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-7.xml
[2010.01.06 21:21:07 | 000,000,961 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-8.xml
[2010.03.24 20:03:08 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\icqplugin-9.xml
[2009.03.02 19:23:26 | 000,001,632 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\live-search.xml
[2009.09.04 16:52:21 | 000,001,196 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\xg1mptbr.default\searchplugins\winamp-search.xml
[2013.04.12 18:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.12 18:29:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.04.12 18:29:32 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.11 17:39:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 21:11:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.11 17:39:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.11 17:39:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.11 17:39:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.11 17:39:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2013.01.25 19:16:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StereoLinksInstall] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BDD8CE-4D70-4E25-BA27-0AD73A45443F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82C2C6BA-FB20-4424-ACA6-FE9CA49AAF90}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {56399089-5F99-8F92-4265-56FF803DC2D2} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D9740FAA-51E0-687F-CDA2-C524445422D4} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: EmpoweringTechnology - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\itunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - D:\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.15 18:53:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013.04.15 18:32:39 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013.04.12 18:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.01 17:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.27 20:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{CC536A6D-07D9-0000-534F-465454454348}
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 18:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013.04.15 18:46:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 18:34:22 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.15 18:34:22 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.15 18:34:22 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.15 18:34:22 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.15 18:34:22 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.15 18:28:31 | 000,000,138 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.04.15 18:28:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 18:28:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2013.04.15 18:28:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 18:28:07 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 18:28:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.14 20:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 14:15:36 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.12 16:37:09 | 000,246,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 17:47:52 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.30 13:52:56 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.03.27 20:15:14 | 000,092,672 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.01 17:47:52 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.09 13:23:12 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013.03.09 13:23:12 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2013.03.09 13:23:12 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2013.02.25 01:00:00 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.02.22 01:00:00 | 000,000,138 | ---- | C] () -- C:\Windows\Brownie.ini
[2013.01.18 01:00:00 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini
[2013.01.16 01:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.11 01:00:00 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2012.12.31 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.15 01:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.12.07 01:00:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.25 01:00:00 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2012.11.18 01:00:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.11 01:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.10 17:49:38 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2012.09.10 17:14:14 | 000,003,072 | ---- | C] () -- C:\Users\Chris\AppData\Local\file__0.localstorage
[2012.09.10 09:39:30 | 000,000,732 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2011.10.25 17:28:09 | 001,538,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.18 23:49:51 | 000,001,940 | ---- | C] () -- C:\Users\Chris\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008.12.24 01:00:00 | 000,003,422 | ---- | C] () -- C:\Users\Chris\.recently-used.xbel
[2008.11.27 19:14:45 | 000,092,672 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.26 18:13:49 | 000,002,032 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.12.26 10:59:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe Limited
[2012.07.06 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon
[2012.12.18 19:37:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.07.14 20:43:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CPUControl
[2012.02.03 08:47:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2012.01.15 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.25 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\eSobi
[2013.02.01 17:45:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2012.07.05 19:58:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2008.12.24 18:06:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2013.01.03 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HLSW
[2008.11.28 19:35:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ Toolbar
[2009.10.02 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Inkscape
[2012.10.27 11:52:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mumble
[2009.01.25 14:46:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012.12.18 19:40:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PhotoScape
[2011.04.01 18:58:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SLAnticheat
[2009.01.31 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2008.12.13 22:18:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Teleca
[2011.03.05 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\The Creative Assembly
[2010.01.25 20:54:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2010.12.06 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2012.03.16 10:27:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TZAC
[2009.06.25 17:42:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.25 19:16:04 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009.05.09 16:11:52 | 000,000,000 | ---D | M] -- C:\ACER
[2008.11.26 18:14:32 | 000,000,000 | ---D | M] -- C:\ACERSW
[2008.04.30 19:02:43 | 000,000,000 | ---D | M] -- C:\book
[2012.12.10 18:47:24 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.11.26 18:08:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.11.27 19:34:29 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.08.21 07:57:08 | 000,000,000 | ---D | M] -- C:\GAIA
[2012.09.12 11:26:04 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.11.30 18:29:09 | 000,000,000 | ---D | M] -- C:\output
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.09 13:20:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.04.15 18:51:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.03.27 20:16:22 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.11.26 18:08:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.25 19:24:44 | 000,000,000 | ---D | M] -- C:\Qoobox
[2008.04.30 18:49:21 | 000,000,000 | ---D | M] -- C:\RaidTool
[2008.11.26 18:21:13 | 000,000,000 | ---D | M] -- C:\SiteAdvisor
[2012.12.08 17:24:01 | 000,000,000 | ---D | M] -- C:\SteamLibrary
[2013.04.15 18:56:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.11 17:41:56 | 000,000,000 | ---D | M] -- C:\TEMP
[2012.09.12 16:00:34 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.15 18:32:39 | 000,000,000 | ---D | M] -- C:\Windows
[2008.11.27 19:26:53 | 000,000,000 | ---D | M] -- C:\Y.D.T
[2013.01.25 23:41:22 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,554 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.05.07 23:01:12 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009.07.01 18:21:53 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.07.01 18:21:53 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 09:10:06 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\erdnt\cache64\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\erdnt\cache86\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\erdnt\cache86\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\erdnt\cache64\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\erdnt\cache86\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\erdnt\cache64\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\erdnt\cache86\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\erdnt\cache64\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.03.06 01:00:00 | 000,003,422 | ---- | M] () -- C:\Users\Chris\.recently-used.xbel
[2013.04.15 18:54:40 | 007,340,032 | ---- | M] () -- C:\Users\Chris\NTUSER.DAT
[2013.01.25 23:49:10 | 000,001,024 | -H-- | M] () -- C:\Users\Chris\ntuser.dat.LOG
[2013.04.15 18:54:40 | 000,262,144 | -H-- | M] () -- C:\Users\Chris\ntuser.dat.LOG1
[2008.11.26 18:11:49 | 000,000,000 | -H-- | M] () -- C:\Users\Chris\ntuser.dat.LOG2
[2009.12.01 17:54:17 | 000,000,000 | -H-- | M] () -- C:\Users\Chris\NTUSER.DAT_tureg_new.LOG1
[2013.02.12 01:00:00 | 000,000,000 | -H-- | M] () -- C:\Users\Chris\NTUSER.DAT_tureg_new.LOG2
[2012.12.10 18:47:35 | 009,175,040 | ---- | M] () -- C:\Users\Chris\NTUSER.DAT_tureg_old
[2011.01.13 19:29:14 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{7b16b380-1f3a-11e0-9a43-0021851f8bc1}.TM.blf
[2013.02.09 01:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{7b16b380-1f3a-11e0-9a43-0021851f8bc1}.TMContainer00000000000000000001.regtrans-ms
[2013.02.08 01:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{7b16b380-1f3a-11e0-9a43-0021851f8bc1}.TMContainer00000000000000000002.regtrans-ms
[2011.01.12 20:21:12 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{85ebbbba-de91-11de-a7b6-806e6f6e6963}.TM.blf
[2013.02.06 01:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{85ebbbba-de91-11de-a7b6-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009.12.01 23:42:39 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{85ebbbba-de91-11de-a7b6-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2013.04.14 20:40:06 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{bc7bed9e-42e8-11e2-a342-806e6f6e6963}.TM.blf
[2013.04.14 20:40:06 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{bc7bed9e-42e8-11e2-a342-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012.12.10 19:15:13 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{bc7bed9e-42e8-11e2-a342-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009.12.01 17:54:19 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2013.01.31 01:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2008.11.26 18:45:19 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2012.12.10 18:47:34 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cb907268-1f3a-11e0-9b98-0021851f8bc1}.TM.blf
[2013.01.28 01:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cb907268-1f3a-11e0-9b98-0021851f8bc1}.TMContainer00000000000000000001.regtrans-ms
[2011.01.13 19:31:11 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{cb907268-1f3a-11e0-9b98-0021851f8bc1}.TMContainer00000000000000000002.regtrans-ms
[2008.11.26 18:11:49 | 000,000,020 | -HS- | M] () -- C:\Users\Chris\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:23 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132